Lucene search
K

955 matches found

BDU FSTEC
BDU FSTEC
added 2016/05/20 12:0 a.m.6 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the compose function in the AOSP Mail component of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information through a specially creat...

4.3CVSS6.3AI score0.00471EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/05/09 10:59 a.m.4 views

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and...

5.5CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2016/05/09 10:0 a.m.22 views

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and...

5.3AI score0.00471EPSS
Exploits0References3
CVE
CVE
added 2016/05/09 10:0 a.m.41 views

CVE-2016-2458

The CVE-2016-2458 issue affects AOSP Mail: the compose functionality in Android 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-05-01) does not adequately restrict attachments, enabling information disclosure via a crafted app related to ComposeActivity.java and ComposeActivityEmail.java....

5.5CVSS5.5AI score0.00471EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2015/09/14 8:26 p.m.25 views

Mail.ru: XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply при ответе на специальным образом сформированное письмо

Здравствуйте! https://light.mail.ru/compose и https://m.mail.ru/composeid/reply подвержены второму вектору XSS похожему на 88492. Вторая уязвимость существует из-за недостаточной фильтрации текста сообщения, на которое хочет ответить пользователь, при его выводе в - поле ответа - в качестве цитат...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/06 12:0 a.m.41 views

Fedora 19 : claws-mail-3.11.1-2.fc19 / claws-mail-plugins-3.11.1-1.fc19 / libetpan-1.6-1.fc19 (2014-14237) (POODLE)

SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References28
Tenable Nessus
Tenable Nessus
added 2014/11/11 12:0 a.m.28 views

openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)

Claws Mail was updated to version 3.11.0. Changes : + SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability CVE-2014-3566. + Several PGP/Core plugin improvements : - Indicate when a key has been revoked or has expired when displaying signature status. - Whe...

4.3CVSS6.3AI score0.99999EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2014/11/11 12:0 a.m.46 views

Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)

SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References28
The Hacker News
The Hacker News
added 2014/01/12 11:42 p.m.24 views

How to use PGP encryption with Mozilla Thunderbird Email client

In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard. Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws ...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2013/08/29 10:0 a.m.25 views

CVE-2013-5645

Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...

5.3AI score0.0188EPSS
Exploits2References5
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.52 views

Multiple browsers DoS

Mail program compose message window is created for avery frame with mailto:, news:, nntp:, etc URI...

2.5AI score
Exploits0References5Affected Software4
Prion
Prion
added 2009/12/30 9:30 p.m.16 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSconfigdirplugins parameter to plugins/address/admin/index.php, 2 GLOBALSconfigdirfunctions parameter to plugins/im/compose.php, and 3...

7.5CVSS8.2AI score0.02427EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2009/09/18 8:30 p.m.21 views

CVE-2009-3250

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

9CVSS7.3AI score0.10932EPSS
Exploits1References8
Cvelist
Cvelist
added 2009/09/18 8:0 p.m.23 views

CVE-2009-3250

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

7.3AI score0.10932EPSS
Exploits1References8
seebug.org
seebug.org
added 2009/08/28 12:0 a.m.37 views

SquirrelMail多个表单跨站请求伪造漏洞

CVECAN ID: CVE-2009-2964 SquirrelMail是一款PHP编写的WEBMAIL程序。 SquirrelMail没有正确地过滤用户向多个表单(发送消息、更改偏好等)所提交的内容,远程攻击者可以通过跨站请求伪造攻击执行删除邮件、发送邮件等操作。以下是受影响的页面: functions/mailboxdisplay.php src/addrbooksearchhtml.php src/addressbook.php src/compose.php src/folders.php src/folderscreate.php src/foldersdelete.php...

6.8CVSS7.5AI score0.01517EPSS
Exploits1
0day.today
0day.today
added 2009/01/26 12:0 a.m.16 views

NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit

Exploit for unknown platform in category remote exploits ===================================================================== NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit ===================================================================== NCTVideoStudio ActiveX DLLs...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.30 views

Debian Security Advisory DSA 1154-1 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory DSA 1154-1. James Bercegay of GulfTech Security Research disovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or wri...

6.4CVSS0.2AI score0.09234EPSS
Exploits4
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.24 views

Debian: Security Advisory (DSA-1154)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.7AI score0.09234EPSS
Exploits4References3
RedHat Linux
RedHat Linux
added 2007/05/17 2:57 p.m.4 views

CSRF through HTML message in squirrelmail

Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...

5CVSS6AI score0.01374EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/03/14 2:1 a.m.4 views

php imap_mail_compose() buffer overflow via type.parameters

Buffer overflow in the imapmailcompose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...

7.5CVSS6.3AI score0.10382EPSS
Exploits1References4
Rows per page
Query Builder