14 matches found
CVE-2025-12460
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
EUVD-2006-3212
Malware in sbrugna...
EUVD-2017-1438
Malware in sbrugna...
EUVD-2010-1154
Malware in sbrugna...
EUVD-2025-11005
Malicious code in bioql PyPI...
CVE-2019-13612
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...
PT-2024-19812 · Tuta · Tuta
Name of the Vulnerable Software and Affected Versions: Tuta versions prior to 119.10 Description: The issue concerns the loading of external content in emails. In the default setting, external resources should not be loaded without user confirmation. However, certain embedded images can be loaded...
PT-2023-32094 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static S...
CVE-2022-36073 RubyGems allows creation of users with arbitrary unverified emails
RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...
GLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200411-25 SquirrelMail: Encoded text XSS vulnerability SquirrelMail fails to properly sanitize certain strings when decoding specially crafted headers. Impact : By enticing a user to read a specially crafted e-mail, an attacker ca...
Restricted Zone: the OUTLOOK EXPRESS
Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...
CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
Core Security Technologies Advisory http://www.coresecurity.com Multiple vulnerabilities in Ximian's Evolution Mail User Agent Date Published: 2003-03-19 Last Update: 2003-03-19 Advisory ID: CORE-20030304-01 Bugtraq IDs: 7117, 7118, 7119 CVE CAN: CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 Title:...
Microsoft Outlook Express 5/6 - Spoofable File Extensions
source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt or other seemingly...
Ошибка между imapd И mail.local
Hello, Надеюсь, что хотя бы из чувства патриотизма может быть еще кто-нибудь в дальнейшем решится писать в этот список рассылки до или хотя бы одновременно публикации в Bugtraq : Ошибка несерьезная, но достаточно интересная. Дело в том, что в данном случае ни одна из программ не содержит явной...