38 matches found
CVE-2025-8871
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
CVE-2025-8871
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
WordPress plugin Everest Forms Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
EUVD-1999-0822
Malware in sbrugna...
EulerOS Virtualization 2.12.0 : emacs (EulerOS-SA-2024-2767)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such...
In Emacs before 29.3 Gnus treats inline MIME contents as trusted.
...
Unspecified vulnerability in Gnu emacs (CNVD-2025-15363)
Gnu emacs is a family of text editors in the American GNU community. Gnu emacs suffers from a security vulnerability that stems from Gnus treating inline MIME content as trusted. No details of the vulnerability are provided at this time...
CVE-2024-30203
In Emacs before 29.3, Gnus treats inline MIME contents as trusted...
CVE-2024-30203
CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...
GNU Emacs 安全漏洞
GNU Emacs is a family of text editors in the American GNU community. A security vulnerability existed prior to GNU Emacs version 29.3, which stemmed from Gnus treating inline MIME content as trusted...
USN-5121-2: Mailman vulnerabilities
USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. CVE-2020-12108,...
UBUNTU-CVE-2019-19916
In Midori Browser 0.5.11 on Windows 10, Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting XSS and other...
CVE-2018-4227
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...
CVE-2018-4111
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature...
SqWebMail 4.0.4 .20040524 Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. The...
Pine 4.x Empty MIME Boundary Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that contains MIME...
IBM Lotus Notes Lotus 1-2-3文件查看器缓冲区溢出漏洞
Lotus Notes是由IBM开发的集成邮件、日历、即时消息、浏览器和业务协作应用,可用作Lotus Domino服务器应用的桌面客户端。 Lotus Notes的邮件客户端支持预览和处理各种格式的文件附件。为了预览和处理Lotus 1-2-3所使用的Lotus工作表文件格式(WKS)的文件,邮件客户端使用了第三方软件厂商的函数库(Autonomy的Verity KeyView SDK)。该函数库处理Lotus 1-2-3文件附件时存在缓冲区溢出漏洞,如果用户试图查看恶意附件的话就可以触发这个溢出,导致执行任意指令。 尽管这只是第三方组件中的问题,但Lotus...
[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field whitespace issue
-- Corsaire Security Advisory -- Title: Multiple vendor MIME field whitespace issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030804-003 -- Scope -- The aim of this document is to clearly...