101 matches found
[SECURITY] [DSA 533-1] New courier packages fix cross-site scripting vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 533-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.debian.org/security/faq -...
DSA-533 courier - cross-site scripting
Bulletin has no description...
CVE-2004-0591
Cross-site scripting XSS vulnerability in the printheaderuc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via 1 e-mail headers or 2 a message with a "message/delivery-status" MIME Content-Type...
CVE-2004-0591
Cross-site scripting XSS vulnerability in the printheaderuc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via 1 e-mail headers or 2 a message with a "message/delivery-status" MIME Content-Type...
CVE-2004-0591
CVE-2004-0591 describes a cross-site scripting (XSS) vulnerability in SqWebMail’s print_header_uc function affecting SqWebMail 4.0.4 and earlier (possibly 3.x). An attacker can inject arbitrary script via (1) email headers or (2) a message with a “message/delivery-status” MIME type, executing in ...
XSS vulnerability in Sqwebmail 4.0.4
Hello Bugtraq, Sqwebmail http://www.inter7.com/sqwebmail/ is a web cgi client for sending and receiving email using Maildir mailboxes. During a web application security evaluation on Sqwebmail 4.0.4.20040524 we have found a XSS Cross Site Scripting vulnerability inside the printheaderuc function...
SqWebMail 4.0.4.20040524 - Email Header HTML Injection
SqWebMail 4.0.4.20040524 - Email Header HTML Injection source: https://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email...
CVE-2004-0224
Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
CVE-2004-0224
Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
CVE-2004-0224
Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
CVE-2004-0224
Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
CVE-2004-0224
Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
CVE-2004-0224
CVE-2004-0224 affects Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0. The issue is multiple buffer overflows in the Unicode converters (iso2022jp.c and shiftjis.c) that occur when a character is outside the BMP range, enabling remote code execution as described in the ...
sqwebmail unauthorized access
Session hijacking via Referer is possible...
PCL-0002: Session Hijacking in "Sqwebmail"
--------------------------- PUCCIOLAB.ORG - ADVISORIES http://www.pucciolab.org --------------------------- PCL-0002: Session Hijacking in "Sqwebmail" --------------------------------------------------------------------------- PuCCiOLAB.ORG Security Advisories [email protected]...
CVE-2002-1311
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files...
DEBIAN-CVE-2002-1311
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files...
CVE-2002-1311
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files...
[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
-------------------------------------------------------------------------- Debian Security Advisory DSA 197-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2002 http://www.debian.org/security/faq -...
[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
-------------------------------------------------------------------------- Debian Security Advisory DSA 197-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2002 http://www.debian.org/security/faq -...