TencentOS Server 3: thunderbird (TSSA-2025:0600)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0600 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2009-0957

Malware in sbrugna...

EUVD-2013-0170

Malware in sbrugna...

EUVD-2002-1749

Malware in sbrugna...

EUVD-2018-19423

Malware in sbrugna...

EUVD-2022-42467

Malicious code in bioql PyPI...

About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

CVE-2002-2108

Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail...

CVE-2025-3877

Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986...

CVE-2025-3877

...

CVE-2025-3877

...

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...

CVE-2018-7707

Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message...

Apple iOS Malicious Email Forgery Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability in the handling of HTML emails in Apple iOS allows an attacker to send a special email where the message can be viewed with an arbitrary WEB page to replace the message content...

Microsoft Internet Explorer 5/6 XML Redirect File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5560/info A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files,...

CVE-2010-4766

The AgentTicketForward feature in Open Ticket Request System OTRS before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a...

DSA-1802-2 squirrelmail - incomplete fix

Bulletin has no description...

Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Visual Basic 6 TypeLib Information Library TLI ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote...

CVE-2004-1616

Links allows remote attackers to cause a denial of service memory consumption via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme...