1631 matches found
CVE-2024-40464
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file...
PT-2024-28857 · Beego · Beego
Name of the Vulnerable Software and Affected Versions: beego versions 2.2.0 and earlier Description: An issue in beego allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file. Recommendations: For beego versions 2.2.0 and earlier,...
CVE-2024-40464
CVE-2024-40464 affects beego v2.2.0 and earlier. A remote attacker can escalate privileges via the sendMail function in beego/core/logs/smtp.go due to improper validation in OpenSSL certificate handling. Public sources describe privilege escalation through this path, with IBM/X-Force listing a hi...
CVE-2024-6431
The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...
WordPress plugin Media.net Ads Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37621 · WordPress · Media.Net Ads Manager
Name of the Vulnerable Software and Affected Versions: Media.net Ads Manager plugin for WordPress versions up to, and including, 2.10.13 Description: The issue arises from missing file type validation and a missing capability check in the sendMail function, allowing authenticated attackers with...
Photon OS 5.0: Sendmail PHSA-2024-5.0-0192
An update of the sendmail package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0192. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Sendmail PHSA-2022-3.0-0382
An update of the sendmail package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0382. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Sendmail PHSA-2022-4.0-0173
An update of the sendmail package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0173. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Sendmail PHSA-2024-4.0-0560
An update of the sendmail package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0560. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Updated sendmail packages fix security vulnerability
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other...
MGASA-2024-0270 Updated sendmail packages fix security vulnerability
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other...
Mageia: Security Advisory (MGASA-2024-0270)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Parameter Injection
zend-mail is vulnerable to Parameter Injection. The vulnerability is due to unsanitized additional quote characters within an address in the file Sendmail.php, which allows an attacker to inject arbitrary parameters to the system sendmail program...
Debian: Security Advisory (DLA-3829-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-5346 · Unknown +1 · Vaultwarden +1
Name of the Vulnerable Software and Affected Versions: vaultwarden versions prior to 1.33.0 Description: vaultwarden, an unofficial Bitwarden compatible server, contains a flaw that allows an attacker with authenticated access to the admin panel to execute arbitrary code on the system. This is...
[SECURITY] [DLA 3829-2] sendmail regression update
Debian LTS Advisory DLA-3829-2 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2024 https://wiki.debian.org/LTS ...
DLA-3829-2 sendmail - regression update
Bulletin has no description...