136 matches found
Google Android AOSP Mail Information Disclosure Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in Google Android AOSP Mail. An attacker can exploit this vulnerability to obtain sensitive information...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the ssmtp package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Cybozu Garoon vulnerable to information disclosure
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...
Cybozu Garoon mail function vulnerable to access restriction bypass
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A spoofed e-mail may be sent by a user. Solution Update the...
Barracuda Networks MDM - Persistent Mail Vulnerability
Document Title: =============== Barracuda Networks MDM - Persistent Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1315 Release Date: ============= 2016-02-04 Vulnerability Laboratory ID VL-ID: ==================================== 131...
HackerOne: Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
Hi, I was just reading https://hackerone.com/reports/110578 and testing out the changes. I had previously noticed that the editor would take something like: test and turn it into : test In other words, the code would recursively look at what should be the title string and use the first single or...
MGASA-2016-0019 Updated ruby-mail packages fix security vulnerability
The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...
The vulnerability of the Mac OS X operating system, which allows a perpetrator to gain access to protected information
The vulnerability of the Mail component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to protected information at the moment when email messages are printed out...
CVE-2014-4439
Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients...
PayPal France Mail Encoding Script Insertion
Document Title: =============== PayPal Inc Bug Bounty Issue 70 France - Persistent Escape Shopping Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=869...
PayPal Inc BB #70 FR - Persistent Mail Vulnerability
Document Title: =============== PayPal Inc BB 70 FR - Persistent Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=869 PayPal Security UID: Roc83bl Release Date: ============= 2014-09-25 Vulnerability Laboratory ID VL-ID:...
CVE-2012-4507
The strchr function in procmime.c in Claws Mail aka claws-mail 3.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted email...
Code injection
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors...
CVE-2011-2016
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a...
UBUNTU-CVE-2010-3829
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...
Heap overflow
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."...
PT-2009-3542 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: Apple iPhone OS versions 1.0 through 2.2.1 Apple iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: The issue concerns the Mail component, which does not offer an option to disable remote image loading in HTML emails. This allow...
elitecms 1.01 - SQL Injection / Cross-Site Scripting
eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $query = "SELECT FROM pages WHERE id = '$GET'page''"; 93...
[ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability
ECHOADV94$2008 ----------------------------------------------------------------------------------------- ECHOADV94$2008 Kmita Mail = 3.0 file Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...
CVE-2007-2958
Format string vulnerability in the incputerror function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws Claws Mail 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies...