31 matches found
FreeBSD : horde -- multiple vulnerabilities (7d239578-7ff2-11dd-8de5-0030843d3802)
Secunia reports: Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks. Input via MIME attachment linking is not properly sanitised in the MIME library before being used. This can be exploited to execute...
CVE-2006-6490
The CVE-2006-6490 issue affects Symantec/Norton consumer products that ship the SupportSoft ActiveX controls SmartIssue tgctlsi.dll and ScriptRunner tgctlsr.dll. The vulnerability is described as multiple stack/heap buffer overflows in these ActiveX controls, which could allow remote code executi...
CVE-2006-3842
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message...
zohoXSS.txt
Hello, We have discovered a vulnerability in Zoho Virtual Office. Malformed HTML message could lead to XSS Attack. It can cause a cookie theft leading to session hijacking. PoC: Simply creating HTML message including Javascript code could lead the browser's frame into evil script on attacker's...
CVE-2005-2512
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak...
CVE-2004-2401
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."...
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing
source: https://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof email content and various header...
CommuniGate Pro Webmail 4.0.6 - Session Hijacking
#!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your AnyImage.gif. When victim will read message, script will...
Special DOS device DoS against Microsoft Outlook Express
Summary: ======== Affected: Outlook Express 5.5, 6.0 with all fixes Not tested: Microsoft Outlook Vendor: Microsoft Risk: Average Remote: Yes Exploitable: Yes Description: ========== Outlook Express hangs on HTML message with BGSOUND or IFRAME tag pointing to special device. Outlook Express will...
mutt.tempfile.race.txt
Date: Sun, 28 Feb 1999 09:28:43 +0100 From: Thomas Roessler To: [email protected] Subject: mutt security tempfile race in mutt Parts/Attachments: 1.1 Shown 39 lines Text 1.2 OK 134 lines Text 2 475 bytes Application ---------------------------------------- An anonymous Debian developer forward...