522 matches found

OSV
added 2025/02/03 7:15 p.m., 1 view

DEBIAN-CVE-2024-57004

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

CVSS 6.1, AI score 5.3, EPSS 0.04204
Exploits: 1, References: 1

NVD
added 2024/07/15 8:15 a.m., 13 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

CVSS 6.1, EPSS 0.00379
Exploits: 1, References: 3

CVE
added 2024/07/15 8:0 a.m., 57 views

CVE-2024-6740

Openfind Mail2000 is affected by a Stored XSS vulnerability arising from improper validation of email attachments. An unauthenticated remote attacker can inject JavaScript into an attachment, with the attack executed when the attachment is viewed (stored XSS). Affected product: Openfind Mail2000....

CVSS 6.1, AI score 6.3, EPSS 0.00379
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2024/06/17 8:15 a.m., 8 views

CVE-2024-6048

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server...

CVSS 9.8, EPSS 0.01056
Exploits: 0, References: 2

NVD
added 2024/05/07 11:15 p.m., 6 views

CVE-2021-35002

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of...

CVSS 8.8, AI score 9.2, EPSS 0.07183
Exploits: 0, References: 2

Vulnrichment
added 2024/05/07 12:0 a.m., 15 views

CVE-2024-25507

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the emailattachid parameter at /LHMail/AttachDown.aspx...

AI score 8.3, EPSS 0.00111
Exploits: 1, References: 1

CVE
added 2024/05/06 6:36 a.m., 112 views

CVE-2024-23188

CVE-2024-23188 affects Open-Xchange App Suite; multiple connected sources describe a vulnerability where maliciously crafted E‑mail attachment names can temporarily execute script code in a user’s browser session, with common user interaction required. The Open-Xchange-related entries indicate af...

CVSS 6.5, AI score 6.7, EPSS 0.00105
Exploits: 0, References: 3

Veracode
added 2024/04/08 10:52 a.m., 13 views

Remote Code Execution

maildev is vulnerable to Remote Code Execution. The vulnerability is due to insufficient input validation and sanitization of crafted Content-ID header for an e-mail attachment, resulting in lib/mailserver.js writing arbitrary code into the routes.js file...

CVSS 9.1, AI score 7.7, EPSS 0.13026
Exploits: 2, References: 7, Affected Software: 1

OSV
added 2024/04/05 6:30 a.m., 18 views

GHSA-VC6Q-CCJ9-9R89 MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVSS 9.8, AI score 9.3, EPSS 0.13026
Exploits: 2, References: 7

NVD
added 2024/04/05 6:15 a.m., 8 views

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVSS 9.1, AI score 7.4, EPSS 0.13026
Exploits: 2, References: 5

CVE
added 2024/04/05 12:0 a.m., 79 views

CVE-2024-27448

MailDev versions 2 through 2.1.0 are vulnerable to Remote Code Execution via a crafted Content-ID header in an email attachment, causing lib/mailserver.js to write arbitrary code into routes.js. This is a network-borne vulnerability with high impact (CRITICAL CVSS 3.1), and there is public exploi...

CVSS 9.1, AI score 7.6, EPSS 0.13026
Exploits: 2, References: 5

Cvelist
added 2024/04/05 12:0 a.m., 20 views

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

AI score 7.7, EPSS 0.13026
Exploits: 2, References: 5

The Hacker News
added 2024/03/27 7:56 a.m., 44 views

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

CVSS 8.8, AI score 9.4, EPSS 0.91473
Exploits: 2

Prion
added 2023/12/26 7:15 p.m., 15 views

Remote code execution

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...

CVSS 6.5, AI score 8.1, EPSS 0.01385
Exploits: 2, References: 1, Affected Software: 1

Talos
added 2023/11/15 12:0 a.m., 42 views

Adobe Acrobat Reader Thermometer use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1794: Adobe Acrobat Reader Thermometer use-after-free vulnerability. November 15, 2023. CVE Number: CVE-2023-44336. Summary: A use-after-free vulnerability exists in the Thermometer Javascript object in Adobe Acrobat Reader 2023.001.20174. Specially crafted...

CVSS 7.8, AI score 8.2, EPSS 0.01333
Exploits: 0

Microsoft KB
added 2023/10/03 12:0 a.m., 2 views

October 3, 2023, update for Access 2016 (KB5002209)

October 3, 2023, update for Access 2016 (KB5002209). This article describes update 5002209 for Microsoft Access 2016 that was released on October 3, 2023. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

AI score 6.3
Exploits: 0

Tenable Nessus
added 2023/07/31 12:0 a.m., 22 views

Debian DSA-5463-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5463 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fa...

CVSS 7.5, AI score 8, EPSS 0.00205
Exploits: 0, References: 6

Tenable Nessus
added 2023/07/31 12:0 a.m., 30 views

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2023-212-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.13.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-212-01 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be...

CVSS 7.5, AI score 8, EPSS 0.00205
Exploits: 0, References: 2

NVD
added 2023/07/24 11:15 a.m., 13 views

CVE-2023-3417

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

CVSS 7.5, AI score 8, EPSS 0.00205
Exploits: 0, References: 5

UbuntuCve
added 2023/07/24 11:15 a.m., 27 views

CVE-2023-3417

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

CVSS 7.5, AI score 7, EPSS 0.00205
Exploits: 0, References: 6