955 matches found
Android operating system vulnerability that allows an attacker to obtain confidential information
The vulnerability in the compose function of the AOSP Mail component of the Android operating system is related to a lack of protection for service data. Exploiting this vulnerability could allow a remote attacker to obtain confidential information through a specially creat...
CVE-2016-2458
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and...
CVE-2016-2458
The CVE-2016-2458 issue affects AOSP Mail: the compose functionality in Android 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-05-01) does not adequately restrict attachments, enabling information disclosure via a crafted app related to ComposeActivity.java and ComposeActivityEmail.java....
Mail.ru: XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply when replying to a specially crafted message
Hello! https://light.mail.ru/compose and https://m.mail.ru/composeid/reply are affected by a second XSS vector similar to 88492. The second vulnerability exists because of insufficient filtering of the text of the message the user wants to reply to when it is output in the reply field as a quote...
Fedora 19 : claws-mail-3.11.1-2.fc19 / claws-mail-plugins-3.11.1-1.fc19 / libetpan-1.6-1.fc19 (2014-14237) (POODLE)
SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)
Claws Mail was updated to version 3.11.0. Changes : + SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability CVE-2014-3566. + Several PGP/Core plugin improvements : - Indicate when a key has been revoked or has expired when displaying signature status. - Whe...
Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)
SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...
How to use PGP encryption with Mozilla Thunderbird Email client
In my last article, we learnt how to encrypt our emails using GNU Privacy Guard. Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption and decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws ...
CVE-2013-5645
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to injec...
Multiple browsers DoS
Mail program compose message window is created for every frame with mailto:, news:, nntp:, etc. URI...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSconfigdirplugins parameter to plugins/address/admin/index.php, (2) GLOBALSconfigdirfunctions parameter to plugins/im/compose.php, and (3)...
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2)...
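SquirrelMail multiple forms cross-site request forgery vulnerability
CVECAN ID: CVE-2009-2964 SquirrelMail is a webmail program written in PHP. SquirrelMail does not properly filter the content that users submit to multiple forms (sending messages, changing preferences, etc.), so a remote attacker can use a cross-site request forgery attack to perform operations such as deleting mail and sending mail. The following pages are affected: functions/mailboxdisplay.php src/addrbooksearchhtml.php src/addressbook.php src/compose.php src/folders.php src/folderscreate.php src/foldersdelete.php...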
NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit
Exploit for unknown platform in category remote exploits. NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit. NCTVideoStudio ActiveX DLLs...
Debian Security Advisory DSA 1154-1 (squirrelmail)
The remote host is missing an update to squirrelmail announced via advisory DSA 1154-1. James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or wri...
Debian: Security Advisory (DSA-1154)
The remote host is missing an update for the Debian...
CSRF through HTML message in squirrelmail
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
php imap_mail_compose() buffer overflow via type.parameters
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...