14 matches found
EUVD-2016-4978
Malware in sbrugna...
EUVD-2001-1519
Malware in sbrugna...
EUVD-2024-20707
Malicious code in bioql PyPI...
CVE-2025-3932 Tracking Links in Attachments Bypassed Remote Content Blocking
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...
PT-2025-18713 · Sematell · Sematell Replyone
Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0 Description: The issue allows for cross-site scripting XSS attacks through a ReplyDesk e-mail attachment name. This means an attacker could potentially inject malicious scripts into the system by manipulating...
CVE-2025-3523 User Interface (UI) Misrepresentation of attachment URL
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2018-6882
Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...
CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
CVE-2010-0163
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted message,...
SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
source: https://www.securityfocus.com/bid/10154/info It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email...
SCT Campus Pipeline 1.02.x3.x - Email Attachment Script Injection
SCT Campus Pipeline 1.02.x3.x - Email Attachment Script Injection source: https://www.securityfocus.com/bid/10154/info It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly...
CVE-2001-1542
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments...
CVE-2000-0891
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email...
Security Update For Exchange Server 2016 CU8 (KB4092041)
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access OWA. The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is...