386 matches found
SUSE CVE-2004-0152
Multiple stack-based buffer overflows in 1 the encodemime function, 2 the encodeuuencode function, 3 or the decodeuuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames...
SUSE CVE-2006-0091
Cross-site scripting XSS vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline...
SUSE CVE-2014-8878
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2022-3155
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This...
PT-2022-11808 · Unknown · Churchinfo
Name of the Vulnerable Software and Affected Versions: ChurchInfo version 1.3.0 Description: The issue allows attackers to achieve remote code execution through insecure uploads in the ChurchInfo application. This requires authenticated access to the application. Once authenticated, a user can...
CVE-2022-4055
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter e.g., through an email attachment...
PT-2022-15843 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows OS Command Injection via Documentconverter, for example, through an email attachment. Recommendations: For OX App Suite versions 7.10.6 and earlier, update to a version...
WordPress plugin WordPlus Better Messages 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPlus...
“Chemical attack” email warnings deliver Jester Stealer malware
Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team CERT-UA has warned of a large distribution campaign abusing a "chemical attack" theme. Receiving an email like this in the invasion-affected regions of...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of...
BMC Community Track-It! 代码问题漏洞
BMC Community Track-It! is an It helpdesk software from BMC Community USA. It is used for help desks and helpdesks with asset management. A code issue vulnerability exists in BMC Community Track-It! that stems from the handling of email attachments that exist. The issue is caused due to a lack of...
PT-2022-10384 · Bmc · Bmc Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this issue. The specific flaw exists...
Evasive maneuvers: HTML smuggling explained
Microsoft Threat Intelligence Center MSTIC last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...
Hurricane-Related Scams
CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...
Directory traversal
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code...
Samsung Email Information Disclosure Vulnerability (CNVD-2021-39551)
Samsung Email application is a cell phone application from Samsung South Korea. It provides the function of sending and receiving e-mail. An information disclosure vulnerability exists in versions prior to Samsung Email 6.1.41.0, which can be exploited by a remote attacker to obtain attachments t...
CVE-2021-25375
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment...
cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product...