60 matches found
HTTP Header Injection
Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. PoC: const userEmail =...
OESA-2021-1079 mutt security update
Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields...
CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...
DEBIAN-CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...
UBUNTU-CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...
CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...
CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...
mutt -- denial of service
Tavis Ormandy reports: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can...
CVE-2018-14396
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address,...
CVE-2018-14397
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address,...
PHP Scripts Mall hotel-booking-script Cross-Site Scripting Vulnerability
PHP Scripts Mall hotel-booking-script is a multi-vendor hotel booking script. PHP Scripts Mall hotel-booking-script 2.0.4 suffers from a cross-site scripting vulnerability that can be exploited by an attacker via the First Name, Last Name or Address fields...
CVE-2018-14869
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...
Sendmail Header Processing Buffer Overflow (CVE-2002-1337)
Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and mail-delivery methods, including the Simple Mail Transfer Protocol SMTP used for email transport over the Internet. There exists a buffer overflow vulnerability in Sendmail 5.79 to 8.12...
CVE-2009-3257
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the 1 Account Billing Address and 2 Shipping Address fields in a profile by creating a Sales Order SO associated with that profile...
SA-2008-023 - Ubercart - Cross site scripting
During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ripe CMS: crossite scripting in http://site/contact-us with Name, address, Subject fields...
CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c...
CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c...
CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c...
CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c...