Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/13753/info Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported: A remote attacker may reveal the...

Kerio MailServer < 6.0.10 Multiple Mail Handling DoS

According to its banner, the remote host is running a version of Kerio MailServer prior to 6.0.10. In those versions, crashes can occur when downloading certain email messages in IMAP or Outlook with Kerio Outlook Connector KOC or, under Linux, when parsing email messages with multiple embedded...

security flaw

Evolution 2.0.3 allows remote attackers to cause a denial of service application crash or hang via crafted messages, possibly involving charsets in attachment filenames...

CVE-2005-1439

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter...

CVE-2005-1439

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter...

PT-2005-2435 · Osticket · Osticket

Name of the Vulnerable Software and Affected Versions: osTicket affected versions not specified Description: A directory traversal issue exists in the attachments.php file of osTicket, allowing remote attackers to read arbitrary files by using .. sequences in the file parameter of the...

DEBIAN-CVE-2005-0806

Evolution 2.0.3 allows remote attackers to cause a denial of service application crash or hang via crafted messages, possibly involving charsets in attachment filenames...

CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via attachments with MIME-encoded file names...

CVE-2005-0142

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

CVE-2005-0439

Buffer overflow in the decodepost function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names...

CVE-2005-1129

eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient...

DEBIAN-CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via attachments with MIME-encoded file names...

CVE-2005-0142

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This...

Sun JavaMail 1.3.2 - &#039;MimeBodyPart.getFileName&#039; Directory Traversal

source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect JavaMail 1.3.2, however, earlier...

CVE-2005-0926

CVE-2005-0926 affects Sylpheed prior to 1.0.4. The vulnerability is a buffer overflow exploitable via attachments with MIME-encoded filenames, enabling remote attackers to crash the application and potentially execute arbitrary code. Documented impact: denial of service and possible code executio...

security flaw

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

[Full-Disclosure] Novell/Ximian Evolution multiple text attachments DoS

================== =====Analysis===== ================== I just wanted to inform users of Ximian Evolution 2.0 software that there exists a way to temporarily DoS the local application and/or machine by attaching an absurd amount of .ezm files to a normal email. It seems that Evolution tries to...

Novell Ximan Evolution gropware e-mail client DoS

Large number of text attachments leads to resource exhaustion...

CVE-2004-1635

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive...