EUVD-2016-5561

Malware in sbrugna...

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

CVE-2023-45660

CVE-2023-45660 affects Nextcloud Mail. The vulnerability arises from a missing check of origin, target and cookies in the image proxy/endpoint, enabling an attacker to abuse the proxy and cause a denial of service to a third server. Affected versions are Nextcloud Mail prior to 2.2.8 and prior to...

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

CVE-2023-23944

Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...

CVE-2019-14756

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...

Shopify: XSS within Shopify Email App - Admin

The Shopify Email Application is vulnerable to XSS A user with only Settings https://hackerone.myshopify.com/admin/settings/general access can inject html within the Apartment, suite, etc. optional of the Store address section that will then be displayed in the Shopify Email Template edition Step...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 September 2017...

Cross site scripting

On Samsung mobile devices with M6.0 software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747...

CVE-2018-9140

CVE-2018-9140 concerns Samsung mobile devices running Android M (6.0). The Email application is vulnerable to a cross-site scripting (XSS) attack via an event attribute and can load arbitrary files through a src attribute, identified as SVE-2017-10747. Connected sources (NVD/CNVD/PRION/CVELIST) c...

Cross site scripting

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email...

CVE-2017-8178

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email...

CVE-2017-8178

Huawei Email APP on Vicky-AL00 smartphones is affected by a stored XSS vulnerability in versions earlier than VKY-AL00C00B171. A remote attacker could send an email containing malicious script and trigger execution when a user opens the email. The issue arises from insufficient verification of pa...

Tutanota: simply secure emails - Customized SSL, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Tutanota: simply secure emails published at the 'play' market has multiple vulnerabilities...

SolMail - All-in-One email app - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application SolMail - All-in-One email app published at the 'play' market has multiple vulnerabilities...

A vulnerability leak in your mailbox all the secrets-vulnerability warning-the black bar safety net

Google recently announced a 2 0 1 6 years 1 0 months of Nexus Security Bulletin, which includes a 3 6 0 mobile Guard Alpha teamAlpha Teamto submit e-mail information disclosure Vulnerability, CVE-2 0 1 6-3 9 1 8, The Google of this vulnerability is rated high risk level. The vulnerability can lea...

Cross site scripting

Cross-site scripting XSS vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before...

CVE-2016-4575

Cross-site scripting XSS vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before...

Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone

There is a vulnerability due to the lack of output encoding for some particular characters in the email APP built in the affected Smart Phones. A successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform a cross-site scripting XSS attack and lead to...