12 results (0.006 seconds)

CVSS: 5.0EPSS: 1%CPEs: 20EXPL: 0

Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. • http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt http://www.securityfocus.com/bid/10398 https://exchange.xforce.ibmcloud.com/vulnerabilities/16246 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1

Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. • http://marc.info/?l=bugtraq&m=101680576827641&w=2 http://marc.info/?l=ntbugtraq&m=101680201823534&w=2 http://security.greymagic.com/adv/gm002-ie http://www.securityfocus.com/bid/4343 https://exchange.xforce.ibmcloud.com/vulnerabilities/8609 •

CVSS: 6.4EPSS: 1%CPEs: 6EXPL: 3

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). • https://www.exploit-db.com/exploits/21695 https://www.exploit-db.com/exploits/21696 http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00142.html http://www.eudora.com/download/eudora/windows/5.2/RelNotes.txt http://www.securityfocus.com/bid/5432 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 1

Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. • https://www.exploit-db.com/exploits/21680 http://marc.info/?l=bugtraq&m=102858453720304&w=2 http://marc.info/?l=bugtraq&m=102883538924494&w=2 http://www.iss.net/security_center/static/9765.php http://www.securityfocus.com/bid/5397 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. • http://marc.info/?l=bugtraq&m=101622857703677&w=2 http://www.iss.net/security_center/static/8487.php http://www.securityfocus.com/archive/1/262704 http://www.securityfocus.com/bid/4306 •