12 matches found
GLPI Arbitrary Code Execution Vulnerability
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An arbitrary file upload vulnerability exists in versions of GLPI prior ...
Softek MailMarshal 4,Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass
No description provided by source. source: http://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a...
Gameover Zeus Variant Sends Malicious Email Via Cutwail Botnet
The crew responsible for operating the Gameover variant of the infamous Zeus banking trojan is soliciting the enormous Cutwail botnet’s spamming capacity as an engine to fire off millions of malicious emails that seemingly originate from a number of recognizable U.S. banks. The fraudulent emails...
Symantec Mail Security for SMTP File Parsing Vulnerabilities
Symantec Mail Security for SMTP, which provides anti-spam and anti- virus protection for the IIS SMTP Service, is installed on the remote Windows host. The version of Symantec Mail Security for SMTP installed on the remote host reportedly is affected by multiple vulnerabilities caused by buffer...
Symantec Mail Security for SMTP libdayzero.dll Executable Parsing DoS
Symantec Mail Security for SMTP, which provides antispam and antivirus protection for the IIS SMTP Service, is installed on the remote Windows host. The version of Symantec Mail Security for SMTP installed on the remote host contains boundary errors in its detection of executable packers in...
Symantec Mail Security for SMTP可执行程序附件解析拒绝服务漏洞
BUGTRAQ ID: 24625 CVECAN ID: CVE-2007-1792 Symantec Mail Security for SMTP是用于扫描邮件的反垃圾邮件、杀毒和内容过滤软件包。 Mail Security的SMS Filter Hub服务没有正确地解析邮件附件中的可执行程序,如果攻击者发送了恶意邮件的话就可能导致无法处理的访问破坏,服务会周期性的拒绝邮件。 Symantec Mail Security for SMTP 5.0.1 Symantec Mail Security for SMTP 5.0 Symantec Mail Security Appliance...
Code injection
libdayzero.dll in the Filter Hub Service filter-hub.exe in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service crash via a crafted executable attachment in an e-mail, involving the detection of...
CVE-2007-1792
libdayzero.dll in the Filter Hub Service filter-hub.exe in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service crash via a crafted executable attachment in an e-mail, involving the detection of...
SMTP Server Inbound .exe Attachment Detection
Binary data 1173.prm...
Outlook Express 6 - Attachment Security Bypass
Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...
CVE-2001-0398
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...
CVE-2000-0342
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."...