EUVD-2022-42466

Malicious code in bioql PyPI...

Mozilla Thunderbird < 128.11.1

The version of Thunderbird installed on the remote Windows host is prior to 128.11.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-49 advisory. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's...

Security Vulnerabilities fixed in Thunderbird 128.10.1 — Mozilla

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...

CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

MGASA-2018-0476 Updated messagelib packages fix security vulnerability

Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. This happens even if the option to allow the HTML emails to access remote servers is disabled in KMail settings. This means that the owners of the servers referred in the email can see in...

Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution

source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is created in the Internet Explorer cach...

O UT LO OK E XPRE SS 6 .00 : broken

Saturday, February 22, 2003 Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgroup...

Alleged Outlook Express 56 Link - Denial of Service

Alleged Outlook Express 56 Link - Denial of Service source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...

CVE-2001-1326

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...

CVE-2001-0365

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags...

CVE-2001-1326

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...

ie.50.redirection.txt

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this...