3304 matches found
Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution
source: https://www.securityfocus.com/bid/26510/info Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments. Attackers can exploit this issue to...
CVE-2002-2351
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot)...
CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server-side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the...
CVE-2002-2331
CVE-2002-2331 affects W3Mail 1.0.2–1.0.5 with server-side scripting (SSI) enabled in the attachments directory. The vulnerability arises from insufficient restrictions on attachment file types, enabling remote attackers to execute arbitrary code by sending code within MIME attachments and then re...
Security level for attachments and screenshots
Discussing inside the team issues reported to JIRA by customers, we can hide from them our in-team comments, but cannot do it to attachments and screen-shots...
Authentication flaw
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment...
Symantec Mail Security for SMTP Executable Attachment Parsing Denial of Service
SUMMARY: A denial of service has been discovered in Symantec Mail Security for SMTP when parsing Executable Attachments. Risk Impact: Low. Remote Access: Yes. Local Access: No. Authentication Required: No. Exploit publicly available: No. AFFECTED PRODUCTS: Products | Versions | Solution...
XSS through HTML message in squirrelmail
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...
Microsoft Outlook Web Access Remote Script Injection Vulnerability
Description Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments. To exploit this issue, attackers must send specially crafted files through email messages to users of the affected applicatio...
vbulletin admincp sql injection
// CREDIT: discovered by meto5757 and disfigure PRODUCT: vBulletin http://www.vbulletin.com/ VULNERABILITY: SQL Injection NOTES: - not a serious vulnerability, can only be used by administrator of site - SQL injection can be used to obtain password hash - tested on 3.6.4 and 3.6.5 POC: 1. Log in ...
[Full-disclosure] vbulletin admincp sql injection
// CREDIT: discovered by meto5757 and disfigure PRODUCT: vBulletin http://www.vbulletin.com/ VULNERABILITY: SQL Injection NOTES: - not a serious vulnerability, can only be used by administrator of site - SQL injection can be used to obtain password hash - tested on 3.6.4 and 3.6.5 POC: 1. Log in ...
vbulletin-sql.txt
// CREDIT: discovered by meto5757 and disfigure PRODUCT: vBulletin http://www.vbulletin.com/ VULNERABILITY: SQL Injection NOTES: - not a serious vulnerability, can only be used by administrator of site - SQL injection can be used to obtain password hash - tested on 3.6.4 and 3.6.5 POC: 1. Log in ...
DEBIAN-CVE-2007-1406
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...
PYSEC-2007-3
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...
CVE-2006-5877
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird...
DEBIAN-CVE-2006-5877
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird...