Improper Handling of Windows Device Names

Overview Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safejoin function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name, e.g. CON or NUL. Note: This is only vulnerab...

Code injection

CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service application crash via a 1 CON, 2 AUX, or 3 NUL device name in the filename of an attachment...