181 matches found
CVE-2016-5740
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. Th...
CVE-2016-6845
The CVE-2016-6845 entry affects Open-Xchange OX App Suite prior to 7.8.2-rev8. The vulnerability arises from script code within hyperlinks in HTML emails not being properly sanitized when using base64 encoded data resources, allowing an attacker to supply hyperlinks that can execute script code i...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
Edusson (Robotdon) BB - Bypass & Persistent Vulnerability
Document Title: =============== Edusson Robotdon BB - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1870 Release Date: ============= 2016-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 18...
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities
Document Title: =============== Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1881 Release Date: ============= 2016-07-27 Vulnerability Laboratory ID VL-ID:...
Microsoft Office Files Containing Malicious VBScript Downloader
Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Mails - AOL, Outlook and more - Apache license, Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Mails - AOL, Outlook and more published at the 'play' market has multiple vulnerabilities...
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Document Title: =============== eFront Learning 3.6.15.6 CMS - Forum Persistent Title Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1761 Release Date: ============= 2016-02-23 Vulnerability Laboratory ID VL-ID:...
Microsoft Office Mail Attachment Containing Malicious Downloader
A Microsoft Office Mail attachment containing a malicious downloader was observed as part of Locky ransomware campaign. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the targe...
eFront Learning 3.6.15.6 CMS - Persistent Web Vulnerability
Document Title: =============== eFront Learning 3.6.15.6 CMS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1761 Release Date: ============= 2016-02-22 Vulnerability Laboratory ID VL-ID: ===================================...
Dnstwist - Domain Name Permutation Engine For Detecting Typo Squatting, Phishing And Corporate Espionage
See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is...
AVM FRITZ!OS Cross-Site Scripting Vulnerability
AVM FRITZ!OS is a set of operating systems used in Fritz!Box wireless router products. A cross-site scripting vulnerability exists in the Push-Service-Mails feature of AVM FRITZ!OS, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be us...
CVE-2015-7242
Cross-site scripting XSS vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message...
Cross site scripting
Cross-site scripting XSS vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message...
CVE-2015-7242
Cross-site scripting XSS vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message...
Microsoft Outlook for Mac Spoofing (MS15-116: CVE-2015-6123)
A spoofing vulnerability has been reported in Microsoft outlook for Mac. The vulnerability is due to an error in Microsoft Office Outlook that fail to sanitize html input or treat it in a safe manner. A remote attacker can exploit this vulnerability by sending HTML e-mails to victims with content...
ownCloud: Self-XSS in mails sent by [email protected]
Hello i create account with username have a payload code "alert1, and i always when i get mail from [email protected] i get mail win inject the code payload html code inject From: ownCloud Reply-To: [email protected] To: [email protected] Message-ID: Subject: ownCloud Security & Encryption 2.0; A...
Microsoft Office Files Containing Malicious Downloader
Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Jease CMS 2.11 Script Insertion
Document Title: =============== Jease CMS v2.11 - Persistent UI Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1373 Release Date: ============= 2014-12-12 Vulnerability Laboratory ID VL-ID: ==================================== 1373...
BookFresh - Persistent Clients Invite Vulnerability
Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...