Page 2 of 9 results (0.006 seconds)

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2

The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. La aplicación para Android Google Email 4.2.2.0200 permite a atacantes remotos causar una denegación de servicio (caída de aplicación persistente) a través de una cabecera 'Content-Disposition: ;' en un mensaje de email. A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform an denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash just receive the malicious email. • http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html http://openwall.com/lists/oss-security/2015/02/10/9 http://openwall.com/lists/oss-security/2015/02/12/15 http://packetstormsecurity.com/files/130388/Google-Email-4.4.2.0200-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Feb/58 http://www.securityfocus.com/archive/1/534703/100/0/threaded • CWE-19: Data Processing Errors •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Email Field v6.x-1.x antes de v6.x-1.3 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del enlace de correo 'mailto'. • http://drupal.org/node/1852612 http://drupal.org/node/1853214 http://www.openwall.com/lists/oss-security/2012/11/29/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. El módulo Email Field v6.x-1.x antes de v6.x-1.3 para Drupal, cuando se utiliza un módulo de permisos de campos y el formateador de campos de contacto esta puesto a modo de pantalla completa o teaser, no comprueba correctamente los permisos, lo que permite a atacantes remotos a enviar por correo electrónico la dirección almacenada a través de vectores no especificados. • http://drupal.org/node/1852612 http://drupal.org/node/1853214 http://www.openwall.com/lists/oss-security/2012/11/29/2 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. La página de formateador de contacto en el módulo Email Field v6.x-1.x antes de v6.x-1.2 y v7.x-1.x antes de v7.x-1.1 para Drupal permite a atacantes remotos para enviar la dirección almacenada en la entidad a través de vectores no especificados. • http://drupal.org/node/1761948 http://drupal.org/node/1761968 http://drupal.org/node/1762470 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •