3319 matches found

NVD
added 2005/05/03 4:00 a.m. · 13 views

CVE-2005-1439

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter...

CVSS 7.5 · AI score 6.5 · EPSS 0.00937
Exploits 0 · References 3

Positive Technologies
added 2005/05/03 12:00 a.m. · 4 views

PT-2005-2435 · Osticket · Osticket

Name of the Vulnerable Software and Affected Versions: osTicket (affected versions not specified)
Description: A directory traversal issue exists in the attachments.php file of osTicket, allowing remote attackers to read arbitrary files by using .. sequences in the file parameter of the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00937
Exploits 0 · References 5

OSV
added 2005/05/02 4:00 a.m. · 1 view

DEBIAN-CVE-2005-0806

Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames...

CVSS 5 · AI score 7 · EPSS 0.00911
Exploits 0 · References 1

OSV
added 2005/05/02 4:00 a.m. · 10 views

CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names...

AI score 8.2
Exploits 0 · References 1

UbuntuCve
added 2005/05/02 4:00 a.m. · 25 views

CVE-2005-0142

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

CVSS 2.1 · AI score 5.9 · EPSS 0.00059
Exploits 0 · References 2

UbuntuCve
added 2005/05/02 4:00 a.m. · 13 views

CVE-2005-0439

Buffer overflow in the decodepost function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names...

CVSS 7.5 · AI score 6.3 · EPSS 0.13506
Exploits 0 · References 1

NVD
added 2005/05/02 4:00 a.m. · 8 views

CVE-2005-1129

eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient...

CVSS 2.1 · AI score 6.1 · EPSS 0.00115
Exploits 0 · References 5

OSV
added 2005/05/02 4:00 a.m. · 1 view

DEBIAN-CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names...

CVSS 5.1 · AI score 8.1 · EPSS 0.01711
Exploits 0 · References 1

NVD
added 2005/05/02 4:00 a.m. · 13 views

CVE-2005-0142

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

CVSS 2.1 · AI score 6.2 · EPSS 0.00059
Exploits 0 · References 9

exploitpack
added 2005/04/12 12:00 a.m. · 22 views

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This...

Exploits 0

Exploit DB
added 2005/04/12 12:00 a.m. · 25 views

Sun JavaMail 1.3.2 - 'MimeBodyPart.getFileName' Directory Traversal

source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect JavaMail 1.3.2, however, earlier...

AI score 7.4
Exploits 0

CVE
added 2005/03/29 5:00 a.m. · 44 views

CVE-2005-0926

CVE-2005-0926 affects Sylpheed prior to 1.0.4. The vulnerability is a buffer overflow exploitable via attachments with MIME-encoded filenames, enabling remote attackers to crash the application and potentially execute arbitrary code. Documented impact: denial of service and possible code executio...

CVSS 5.1 · AI score 7.9 · EPSS 0.01711
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2005/03/23 7:14 p.m. · 4 views

security flaw

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such a...

CVSS 2.1 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 4

securityvulns
added 2005/02/27 12:00 a.m. · 33 views

Novell Ximian Evolution groupware e-mail client DoS

Large number of text attachments leads to resource exhaustion...

AI score 1.6
Exploits 0 · References 1 · Affected Software 1

securityvulns
added 2005/02/27 12:00 a.m. · 23 views

[Full-Disclosure] Novell/Ximian Evolution multiple text attachments DoS

Analysis: I just wanted to inform users of Ximian Evolution 2.0 software that there exists a way to temporarily DoS the local application and/or machine by attaching an absurd amount of .ezm files to a normal email. It seems that Evolution tries to...

AI score 0.1
Exploits 0

Cvelist
added 2005/02/20 5:00 a.m. · 17 views

CVE-2004-1672

attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request...

AI score 6.7 · EPSS 0.01048
Exploits 1 · References 4

Cvelist
added 2005/02/20 5:00 a.m. · 13 views

CVE-2004-1635

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive...

AI score 5.9 · EPSS 0.00619
Exploits 0 · References 5

Cvelist
added 2005/02/19 5:00 a.m. · 15 views

CVE-2004-1521

Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers...

AI score 6.7 · EPSS 0.03446
Exploits 0 · References 4

Debian CVE
added 2005/02/15 5:00 a.m. · 18 views

CVE-2005-0439

Removed by vendor...

CVSS 7.5 · AI score 7 · EPSS 0.13506
Exploits 0

Exploit DB
added 2005/02/08 12:00 a.m. · 33 views

Software602 602 Lan Suite 2004 2004.0.04.1221 - Arbitrary File Upload

source: https://www.securityfocus.com/bid/12495/info 602 Lan Suite 2004 is reportedly affected by a vulnerability regarding the uploading of file attachments. This issue is due to the application failing to properly sanitize the names of file attachments before upload. A malicious user could...

AI score 7
Exploits 0