CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

xdg-email: disable special support for Thunderbird to address following vulnerabilities: - CVE-2020-27748: local file inclusion vulnerability - CVE-2022-4055: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments...

7.4CVSS6.9AI score0.0047EPSS

Exploits2References1

Information Security Automation•added 2025/06/03 12:54 p.m.•11 views

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...

6.1CVSS6.8AI score0.32434EPSS

Exploits0

The Hacker News•added 2025/05/21 6:6 p.m.•50 views

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 aka BlueDelta, Fancy Bear, or Forest Blizzard, which is linked to the Russian General...

9.8CVSS8.4AI score0.93878EPSS

Exploits69

OSV•added 2016/10/10 1:48 p.m.•3 views

OPENSUSE-SU-2016:2484-1 Security update for MozillaThunderbird

This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues: - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. MFSA 2016-86, boo999701 The following bugs were fixed in...

7.1AI score

Exploits0References1

Prion•added 2012/08/12 9:55 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

4.3CVSS6AI score0.00359EPSS

Exploits2References1Affected Software1

securityvulns•added 2004/05/19 12:0 a.m.•30 views

ROCKET SCIENCE: Outllook 2003

Monday, May 17, 2004 Technical final step to 'silent delivery and installation of an executable on the target computer, no client input other than reading an email' this can be achieved with the highly touted 'secure-by-default' Outlook 2003 mail client from the craftsman known as 'Microsoft'...

6.7AI score

Exploits0

securityvulns•added 2004/05/11 12:0 a.m.•21 views

OUTLOOK 2003: OuchLook

Sunday, May 09, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Curosry examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'. However...

7AI score

Exploits0

Packet Storm•added 2004/03/19 12:0 a.m.•30 views

eudora603.pl

Eudora 6.0.3 for Windows was released recently. Though known for years, the spoofing of attachments is still not fixed; the problem with LaunchProtect is not fixed either. Spoofing demo essentially identical to 6.0.1 version below. Cheers, Paul Szabo - [email protected]...

7.4AI score

Exploits0

securityvulns•added 2004/01/09 12:0 a.m.•71 views

The Cross Site Scripting inArdGuest Standard

has found: x64rst email: [email protected] Script name : ArdGuest Standard Version : 1.6 WebSite : http://www.promosi-web.com/script/guestbook Email : [email protected] File name : ardguest.php ------The Cross Site Scripting inArdGuest Standard----- script ardguest.php недостаточно фильтрует...

6.8AI score

Exploits0

CERT•added 2003/12/10 12:0 a.m.•25 views

Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping

Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...

6.3AI score

Exploits0References1

securityvulns•added 2002/10/23 12:0 a.m.•35 views

NOCC: XSS

NOCC: XSS PROGRAM: NOCC VENDOR: Olivier Cahagne et al. HOMEPAGE: http://nocc.sourceforge.net/ VULNERABLE VERSIONS: 0.9.5, possibly others IMMUNE VERSIONS: 0.9.5 with my patch applied SEVERITY: high LOGIN REQUIRED: no DESCRIPTION: "NOCC is a simple and fast Web-based e-mail reader which can handle...

6.6AI score

Exploits0

securityvulns•added 2002/03/09 12:0 a.m.•49 views

SECURITY.NNOV: Bypassing content filtering software

There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filtering, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...

7.2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by