248 matches found
CVE-2008-0872
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message...
CVE-2008-0872
CVE-2008-0872 affects SmarterTools SmarterMail Enterprise 4.3. The issue is a cross-site scripting (XSS) vulnerability in the webmail Subject field where the STYLE attribute can carry arbitrary HTML/Script reflected in the user’s browser. Root cause: inadequate sanitization of the Subject field b...
Lotus Notes TagAttributeListCopy buffer overflow
Added: 11/21/2007. CVE: CVE-2007-4222. BID: 26200. OSVDB: 40949. Background: Lotus Notes is the client for Lotus Domino servers. Problem: A buffer overflow in the TagAttributeListCopy function in nnotes.dll could allow command execution when a user receives a specially crafted e-mail message and forwar...
CVE-2007-6029
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable...
CVE-2007-4345
Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message...
CVE-2007-3771
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail messag...
Stack overflow
Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Design/Logic Flaw
admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...
CVE-2007-1941
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843...
Integer overflow
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...
Design/Logic Flaw
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...
CVE-2007-0994
CVE-2007-0994 affects Mozilla Firefox 2.x before 2.0.0.2 and Firefox 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8. A regression in handling HTML mail with javascript: URIs in img, link, or style tags could bypass access checks and allow remote JavaScript execution with chro...
CVE-2006-6940
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA pop2owa 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message...
Fedora Core 4 : thunderbird-1.0.8-1.1.fc4 (2006-489)
Updated thunderbird packages that fix various bugs are now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several bugs were found in the way Thunderbird...
NeoSys Neon Webmail for Java 5.06/5.07 - 'updatemail' Servlet Arbitrary Mail Message Manipulation
source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an arbitrary-email-manipulation vulnerability - multiple...
NeoSys Neon Webmail for Java 5.06/5.07 - 'updatemail' Servlet Arbitrary Mail Message Manipulation
NeoSys Neon Webmail for Java 5.06/5.07 - 'updatemail' Servlet Arbitrary Mail Message Manipulation...
CVE-2006-4105
Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message...