
3319 matches found

NVD
added 2020/04/17 6:15 p.m. | 18 views

CVE-2020-11880

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...

6.5 CVSS | 6.3 AI score | 0.00269 EPSS
Exploits 0 | References 2

OSV
added 2020/04/17 6:15 p.m. | 19 views

CVE-2020-11879

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...

6.5 CVSS | 6.5 AI score
Exploits 0 | References 3

UbuntuCve
added 2020/04/17 6:15 p.m. | 15 views

CVE-2020-11879

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...

6.5 CVSS | 6.6 AI score | 0.00538 EPSS
Exploits 0 | References 4

Cvelist
added 2020/04/17 5:07 p.m. | 18 views

CVE-2020-11880

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...

6.3 AI score | 0.00269 EPSS
Exploits 0 | References 2

OSV
added 2020/04/15 2:15 p.m. | 1 views

CVE-2020-2885

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.2 CVSS | 5.8 AI score | 0.01495 EPSS
Exploits 0 | References 1

Prion
added 2020/04/15 2:15 p.m. | 13 views

Design/Logic Flaw

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

5.8 CVSS | 8.1 AI score | 0.01495 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2020/04/15 2:15 p.m. | 15 views

Design/Logic Flaw

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5 CVSS | 4.8 AI score | 0.00978 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2020/04/15 1:29 p.m. | 10 views

CVE-2020-2866

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.3 CVSS | 5.7 AI score | 0.00978 EPSS
Exploits 0 | References 1

CVE
added 2020/04/15 1:29 p.m. | 46 views

CVE-2020-2866

CVE-2020-2866 affects Oracle E-Business Suite, Oracle Applications Framework (Attachments / File Upload). Affected versions are 12.2.5–12.2.9. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the framework, potentially enabling unauthorized update/i...

5.3 CVSS | 4.8 AI score | 0.00978 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/04/15 1:29 p.m. | 10 views

CVE-2020-2885

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.2 CVSS | 8.1 AI score | 0.01495 EPSS
Exploits 0 | References 1

Cvelist
added 2020/04/15 1:29 p.m. | 18 views

CVE-2020-2866

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.3 CVSS | 5.2 AI score | 0.00978 EPSS
Exploits 0 | References 1

CNVD
added 2020/04/15 12:00 a.m. | 1 views

Unspecified Vulnerability in Oracle Document Management and Collaboration

Oracle E-Business Suite is an extension of the original Applications ERP product: a seamlessly integrated management suite made up of a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on. Oracl...

8.2 CVSS | 8.6 AI score | 0.01495 EPSS
Exploits 0 | References 1

Veracode
added 2020/04/10 12:14 a.m. | 20 views

Privilege Escalation

Mutt is vulnerable to privilege escalation. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent...

1.2 CVSS | 3.1 AI score | 0.00107 EPSS
Exploits 0 | References 15 | Affected Software 1

Veracode
added 2020/04/10 12:11 a.m. | 31 views

Dynamic Variable Evaluation

SquirrelMail is vulnerable to Dynamic variable evaluation. Users who have an account on a SquirrelMail server and are logged in could use this flaw to overwrite variables which may allow them to read or write other users' preferences or attachments...

6.4 CVSS | 4.1 AI score | 0.28114 EPSS
Exploits 4 | References 32 | Affected Software 1

CNVD
added 2020/03/26 12:00 a.m. | 2 views

Unspecified Vulnerability in Apple iOS and iPadOS Mail Attachments Component

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in the Mail Attachments component of Apple iOS prior to 13.4 and iPadOS prior ...

5.3 CVSS | 6.5 AI score | 0.00237 EPSS
Exploits 0 | References 1

RedhatCVE
added 2020/03/23 2:08 p.m. | 36 views

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

6.5 CVSS | 2.8 AI score | 0.04134 EPSS
Exploits 0 | References 3

OSV
added 2020/03/18 1:15 p.m. | 17 views

CVE-2019-14883

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...

5.3 CVSS | 6.6 AI score | 0.00289 EPSS
Exploits 0 | References 2

UbuntuCve
added 2020/03/18 1:15 p.m. | 16 views

CVE-2019-14883

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...

5.3 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits 0 | References 3

CNVD
added 2020/03/13 12:00 a.m. | 2 views

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17215)

Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/index-attachments.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability...

4.8 CVSS | 5.9 AI score | 0.00321 EPSS
Exploits 1 | References 1

CNVD
added 2020/03/13 12:00 a.m. | 1 views

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17352)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-attachments.php in Chadha PHPKB Standard Multi-Language 9. The...

4.8 CVSS | 6.1 AI score | 0.00321 EPSS
Exploits 1 | References 1