EUVD-2005-2342

Malware in sbrugna...

EUVD-2003-1441

Malware in sbrugna...

CVE-2024-48906

Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name...

CVE-2024-42008

A Cross-Site Scripting vulnerability in rcmailactionmailget-run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...

MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2008-3823

Cross-site scripting XSS vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...

Mail.ru: XSS с помощью специально сформированного файла.

XSS on sandbox domain via e-mail attachment...

Stack overflow

Stack-based buffer overflow in the pharfixfilepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling...

CVE-2015-0605

The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance ESA devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343...

CVE-2014-2393

Cross-site scripting XSS vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment...

Cross site scripting

Cross-site scripting XSS vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment...

CVE-2013-4674

Cross-site scripting XSS vulnerability in the Web Email Protection component in Symantec Encryption Management Server formerly Symantec PGP Universal Server before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Email Protection component in Symantec Encryption Management Server formerly Symantec PGP Universal Server before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

Code injection

@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/...

Adobe Warns: Unpatched PDF Vulnerability Under Attack

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers. The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the wild attacks as limited an...

yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities

------------------------------------------------------------------------ yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities ------------------------------------------------------------------------ Yorick Koster, June 2009...

yTNEF/Evolution Directory Traversal / Buffer Overflow

------------------------------------------------------------------------ yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities ------------------------------------------------------------------------ Yorick Koster, June 2009...

E-mail attachment execution

Added: 01/28/2009 Background This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...

E-mail attachment execution

Added: 01/28/2009 Background This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...