Lucene search

15 matches found

Positive Technologies
added 2026/05/20 12:0 a.m. | 10 views

PT-2026-42058

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliver pos rest authentication...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 12

RedhatCVE
added 2026/01/09 12:31 p.m. | 9 views

CVE-2023-40440

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted...

CVSS 7.5 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 10 views

CVE-2017-18393

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail SEC-326...

CVSS 4 | AI score 7 | EPSS 0.00252
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-3746

Malware in sbrugna...

CVSS 4.3 | AI score 6.5 | EPSS 0.00521
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-9509

Malware in sbrugna...

CVSS 4 | AI score 3.8 | EPSS 0.00252
Exploits: 0 | References: 2

RedHat Linux
added 2025/07/01 7:47 p.m. | 5 views

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

CVSS 6.5 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 5

OSV
added 2025/06/13 8:41 p.m. | 4 views

GHSA-FF6V-W58F-V97W XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right

Impact: When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as whi...

CVSS 5.1 | AI score 7.2 | EPSS 0.00043
Exploits: 1 | References: 5

RedhatCVE
added 2025/06/11 12:50 p.m. | 4 views

CVE-2025-5986

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

CVSS 6.5 | AI score 6.2 | EPSS 0.00583
Exploits: 0 | References: 3

Github Security Blog
added 2025/02/21 11:54 p.m. | 14 views

Leantime affected by Improper Neutralization of HTML Tags

Summary: HTML can be arbitrarily injected into emails from Leantime due to improper neutralization of HTML tags in users' first names. This effectively allows for the creation of phishing emails from a Leantime instance's email address...

CVSS 5.4 | AI score 6.8 | EPSS 0.00467
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2019/08/02 2:15 p.m. | 1 views

CVE-2017-18393

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail SEC-326...

CVSS 2.7 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2

OSV
added 2019/07/16 1:15 p.m. | 1 views

CVE-2019-13612

MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...

CVSS 7.5 | AI score 7.1 | EPSS 0.00389
Exploits: 0 | References: 1

ThreatPost
added 2014/01/20 11:43 a.m. | 9 views

Patched Microsoft Office 365 XSS Vulnerability Disclosed

A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...

AI score 5.8
Exploits: 0 | References: 3

exploitpack
added 2004/03/09 12:0 a.m. | 12 views

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer t...

AI score 7.4
Exploits: 0

Exploit DB
added 2002/07/18 12:0 a.m. | 33 views

Trend Micro Interscan VirusWall for Windows NT 3.52 - Space Gap Scan Bypass

source: https://www.securityfocus.com/bid/5259/info A vulnerability has been reported in certain VirusWall versions. Reportedly, it is possible to bypass the scanning mechanism of VirusWall by adding extraneous spaces in certain email HTTP header fields. A malicious email server may add extraneou...

AI score 7.4
Exploits: 0

Packet Storm
added 1999/08/17 12:0 a.m. | 55 views

msie-4-5.outlook+word97.txt

Date: Wed, 27 Jan 1999 14:14:39 +0000 From: Vesselin Bontchev To: [email protected] Subject: IE 4/5/Outlook + Word 97 security hole Hello folks, This is not a strictly Windows NT issue - it affects Windows 9x users too. However, it is a very important one, so I decided to post abou...

AI score 7.4
Exploits: 0