22 matches found
EUVD-2006-6414
Malware in sbrugna...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20799)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by email signatures. No detailed vulnerability...
CVE-2023-26428
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...
CVE-2023-26428
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...
CVE-2023-26428
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...
CVE-2023-26428
CVE-2023-26428 affects Open-Xchange OX App Suite (OXAS-BACKEND). Affected component: snippet retrieval mechanism where attackers could request arbitrary snippet IDs, including other users’ email signatures within the same context, effectively reading non-shared content due to permission handling ...
Open-Xchange OX App Suite 安全漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the fact that an attacker can successfully request arbitrary fragment IDs, including email signatures...
CVE-2021-4126
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...
Mozilla Thunderbird 数据伪造问题漏洞
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols, and HTML mail formats. Mozilla Thunderbird suffers from a data forgery vulnerability that stems from the fact...
Mageia: Security Advisory (MGASA-2018-0354)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90755)
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Cross site scripting
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, whi...
Code injection
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...
CVE-2019-8338
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...
MGASA-2018-0354 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...
Code injection
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...
DEBIAN-CVE-2018-12019
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...
CVE-2018-12019
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...
CVE-2018-12019
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...