TencentOS Server 3: thunderbird (TSSA-2025:0445)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0445 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

JLSEC-2025-93 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

EUVD-2005-2342

Malware in sbrugna...

EUVD-2003-1441

Malware in sbrugna...

CVE-2024-48906

Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name...

CVE-2024-42008

A Cross-Site Scripting vulnerability in rcmailactionmailget-run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...

MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2008-3823

Cross-site scripting XSS vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...

Microsoft Word Mail Attachment Remote Code Execution

A remote code execution vulnerability exists in Microsoft Office . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

[SECURITY] [DLA 1344-1] squirrelmail security update

Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb7u2 CVE ID : CVE-2018-8741 Debian Bug : 893202 Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrar...

Suspicious Metadata Mail Phishing Containing Attachment - ver2

Mail attachment containing a malicious downloader was observed as part of ransomware campaigns. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the target system...

Malicious Embedded Executable Downloader

Many campaigns are known to use mail attachments containing double zipped files. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

Suspicious Metadata Mail Phishing Redirection

Mail attachment containing a malicious html file was observed as part of recent campaigns. A remote attacker could send spam e-mails including those html and redirects users to manually download malicious files...

Suspicious Microsoft Office File Archive Mail Attachment

Many campaigns are known to use mail attachments containing double zipped files. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

Suspicious Microsoft Publisher Mail Attachment

Microsoft Office Publisher files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...

Mail.ru: XSS с помощью специально сформированного файла.

XSS on sandbox domain via e-mail attachment...

Suspicious Office File Mail Phishing Attempt

Certain exploits or ransomware can be downloaded using office file extensions as mail attachments . A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

Suspicious Mail Attachment Containing JavaScript Code

Mail attachments containing JavaScript code were observed as part of various phishing campaigns. A remote attacker could send e-mails including those files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method ...