EUVD-2017-17140

Malware in sbrugna...

EUVD-2016-5561

Malware in sbrugna...

Zero 安全漏洞

Zero is an email application from Zero Open Source. A security vulnerability exists in Zero version 0.8 that stems from improper email cleanup and could lead to session hijacking...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices version 6.1.94.2, which stemmed from a use-implicit-intent issue contained in th...

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

CVE-2023-45660

CVE-2023-45660 affects Nextcloud Mail. The vulnerability arises from a missing check of origin, target and cookies in the image proxy/endpoint, enabling an attacker to abuse the proxy and cause a denial of service to a third server. Affected versions are Nextcloud Mail prior to 2.2.8 and prior to...

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

Samsung Email app security patch for CWE-297

Last Modified Date Sep 15, 2023 7:06:21 AM...

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

CVE-2023-23944

Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...

CVE-2019-14756

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...

Shopify: XSS within Shopify Email App - Admin

The Shopify Email Application is vulnerable to XSS A user with only Settings https://hackerone.myshopify.com/admin/settings/general access can inject html within the Apartment, suite, etc. optional of the Store address section that will then be displayed in the Shopify Email Template edition Step...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 September 2017...

CVE-2019-9440

In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37637796...

Cross site scripting

On Samsung mobile devices with M6.0 software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747...

CVE-2018-9140

CVE-2018-9140 concerns Samsung mobile devices running Android M (6.0). The Email application is vulnerable to a cross-site scripting (XSS) attack via an event attribute and can load arbitrary files through a src attribute, identified as SVE-2017-10747. Connected sources (NVD/CNVD/PRION/CVELIST) c...

Cross site scripting

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email...

CVE-2017-8178

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email...

CVE-2017-8178

Huawei Email APP on Vicky-AL00 smartphones is affected by a stored XSS vulnerability in versions earlier than VKY-AL00C00B171. A remote attacker could send an email containing malicious script and trigger execution when a user opens the email. The issue arises from insufficient verification of pa...

Security Advisory - Stored Cross-Site Scripting Vulnerability in Huawei Email APP of Smartphones

There is a stored cross-site scripting vulnerability in Huawei Email APP of smartphones. The vulnerability is due to insufficient verification of parameter values. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user t...