CVE-2009-0569

Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request...

CVE-2009-0054

PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user...

Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...

SeaMonkey < 1.1.13 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.13. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. MFSA 2008-47 - The canvas element can be used in conjunction with a...

Cross site scripting

Cross-site scripting XSS vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type...

Cross site scripting

Cross-site scripting XSS vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."...

CVE-2008-3823

Cross-site scripting XSS vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...

CVE-2008-3962

The fromformat function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information memory contents in opportunistic circumstances by reading a message...

CVE-2008-2463

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...

Code injection

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...

Fedora 9 : libetpan-0.54-1.fc9 (2008-5469)

Update to new upstream version 0.54 fixing a crash NULL pointer dereference in the mail message header parser. Note: There is no application in Fedora using libetpan library for which such crash could be considered a security issue. This can only be a security sensitive issue for some 3rd party,...

CVE-2008-2711

fetchmail 6.3.8 and earlier, when running in -v -v aka verbose mode, allows remote attackers to cause a denial of service crash and persistent mail failure via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages...

Buffer overflow

Buffer overflow in mimesr.dll in Autonomy formerly Verity KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail MIME attachment...

CVE-2008-1718

Buffer overflow in mimesr.dll in Autonomy formerly Verity KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail MIME attachment...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a 1 mail message or 2 discussion board message. NOTE: this might overlap CVE-2005-1076...

CVE-2008-1217

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706...

CVE-2008-1217

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706...

CVE-2007-6706

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP...

Heap overflow

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview...

CVE-2008-0304

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview...