10 matches found
EUVD-2007-0615
Malware in sbrugna...
psc.earthlink.net XSS vulnerability
Open Bug Bounty ID: OBB-595947 Description| Value ---|--- Affected Website:| psc.earthlink.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
staging.earthlink.net XSS vulnerability
Open Bug Bounty ID: OBB-369472 Description| Value ---|--- Affected Website:| staging.earthlink.net Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
Quiksoft EasyMail SMTP ActiveX control stack buffer overflow vulnerabilities
Overview The Quiksoft EasyMail SMTP ActiveX control contains multiple stack buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Quiksoft EasyMail Objects is a set of ActiveX controls that provides emai...
Code injection
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The CVE-2007-0617 entry involves Earthlink TotalAccess’s SpamBlocker.dll ActiveX control, which is labeled “safe for scripting.” This misclassification enables a remote attacker to modify the spam‑blocker whitelist by invoking AddSenderToWhitelist or AddDomainToWhitelist, allowing arbitrary addre...
Earthlink TotalAccess AtciveX protection bypass
It's possible to manage sender and domain whitelists...
[Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
Title: ------------------- Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability Vendor Contacted: ------------------- now-ish. Background Info: ------------------- Earthlink TotalAccess Download Site: http://www.earthlink.net/software/free/totalaccess/highspeed/ Description:...