22 matches found
PT-2024-19710 · Open Xchange Gmbh +1 · Ox App Suite
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises from E-Mails being exported as PDF and stored in a cache that does not consider specific session information for the related user account. This allows users of the same...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnera...
Fortinet FortiMail Authentication Error Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. An authentication error vulnerability exists in Fortinet FortiMail that stems from improperly limiting excessive authentication attempts. A...
CVE-2023-5422 SSL Certificates are not checked for E-Mail Handling
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary securit...
Unspecified Vulnerability in FortiMail
Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. A security vulnerability exists in Webmail before FortiMail 6.4.4, which can be exploited by an attacker to gain unauthorized access to fil...
U.S. Dept Of Defense: Second Order XSS via █████
Summary: A malicious user can use HTML injection to send a malicious chat message to an unsuspecting user, leading to a second order HTML injection/XSS via e-mail. Description: This will send an e-mail to the user that they have received a new message, and the malicious message will be sent to th...
Oracle Linux 6 : mailman (ELSA-2015-1417)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2015-1417 advisory. - fix CVE-2002-0389 - local users able to read private mailing list archives - fix CVE-2015-2775 - directory traversal in MTA transports Tenable has...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
PineApp Mail-SeCure test_li_connection.php Command Injection
Added: 08/08/2013 BID: 61477 OSVDB: 95782 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection. Problem PineApp...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "E-Mail Security...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
Exploit for cgi platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This module exploits a command injection vulnerability found in E-Mail Security Virtual Appliance. This module abuses the learn-msg.cgi file to execute arbitrary OS commands without authentication. This module has been successfully tested on the ESVA2057 appliance. This module requires Metasploit...
E-Mail Security Virtual Appliance (ESVA) RCE Vulnerability - Active Check
E-Mail Security Virtual Appliance (ESVA) is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only i...
ToorCon: New Apps, Old Infrastructure Make Toxic Brew
In a variety of ways, experts at this weekend’s ToorCon Conference warned that the tidal wave of new devices and Web based services is straining an already aging Internet infrastructure, with privacy and security as the first victims. Call it the ‘schizophrenia of now’: a tidal wave of new...
E-Mail Security Questions Easily Answered
A Cambridge University study has shown how easy it is to guess the answer to common questions, such as someone’s mother’s maiden name. It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers. Read the full article. BBC...
CVE-2010-0464
CVE-2010-0464 affects Roundcube 0.3.1 and earlier, where the browser is not instructed to avoid DNS prefetching for domain names in email messages, enabling remote attackers to infer the user’s network location by DNS requests. Public references include Fedora backport and Debian backports adviso...
NaviCOPA Web Server 3.01 - Remote Buffer Overflow
NaviCOPA Web Server 3.01 - Remote Buffer Overflow / navicpntxp1.c NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit Cresit : http://milw0rm.com/exploits/7966 Thanks To: e.wiZz! Coded by : SimO-s0fT Madridista ; E-mail : OverflowsatHotmaildotcom Tested on Windows XP SP2 Francais , Win2k SP4...
RedHat Security Advisory RHSA-2009:0358
The remote host is missing updates announced in advisory RHSA-2009:0358. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. It was discovered that evolution did not...
CVE-2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message...