20 matches found
JLSEC-2025-21 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ...
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...
EUVD-2002-1478
Malware in sbrugna...
SUSE CVE-2012-5565
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic vi...
SUSE CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
SUSE CVE-2022-42012
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...
CVE-2022-21805
Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
VulnCheck KEV: CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...
Unauthorized Access Vulnerability in the Website Building System of Beijing Jinfang Times Technology Co.
Beijing Jinfang Times Technology Co., Ltd. is a company that provides website construction services for enterprises, institutions and government agencies. An unauthorized access vulnerability exists in the website building system of Beijing Jinfang Times Technology Co. An attacker can exploit the...
PT-2020-3794 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version. Description: An information disclosure issue exists when attaching files to Outlook messages, potentially allowing users to share attached files with anonymous users, even when they should...
UBUNTU-CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
CVE-2016-7509
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...
CVE-2013-3736
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file...
CVE-2012-5565
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic vi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic vi...
CVE-2012-5565
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic vi...
Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails
Do you use Thunderbird, a free, open-source, cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user’s machine. Mozilla Thunderbird 17.0.6 email application is...
Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Overview: Some email clients contain a vulnerability when handling an attached file with a file name using Unicode. This may result in a directory traversal attack or in a file name being displayed differently from the actual file name. Impact: Actual impact could differ depending on the email clients thoug...
Microsoft Jet Engine MDB File Parsing Stack Overflow PoC
No description provided by source. Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability by cocoruderfrankruderathotmail.com http://ruder.cdut.net Summary: A remote code execute vulnerability exists in Microsoft Jet...
CVE-2005-0783
Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file...