6 matches found
GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users
The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...
Horde-IMP: Input validation vulnerability for Internet Explorer users
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...
Microsoft Outlook Express 6.0 - .MHTML Forced File Execution (1)
Microsoft Outlook Express 6.0 - .MHTML Forced File Execution 1 source: https://www.securityfocus.com/bid/9105/info A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The proble...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
mIRC Buffer Overflow
General Info ------------ Researched by: James Martin Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm Exploit: Proof of concept code available at above URL. Product: mIRC Website: http://www.mirc.com Version: 5.91 and all prior versions to be best of my knowledge. Fix: A patch will...
Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure
source: https://www.securityfocus.com/bid/1718/info It is possible for an outside attacker to view known files on a remote system if the target user visits a website or opens an email containing a specially formed script containing the JScript function 'GetObject' and the ActiveX object 'htmlfile...