188 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper handling of user input in the email sending functionality. An attacker can send spam, phishing emails, or other malicio...
Lunary Email Injection Vulnerability
lunary is lunary open source a production toolkit for LLM . An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2024-7472
CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...
Lunary 安全漏洞
lunary is lunary open source a production toolkit for LLM . An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...
PT-2024-38372 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.26 Description: The issue allows an unauthenticated attacker to inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character, such as xa0. This can be exploite...
PT-2024-30259 · Rws · Rws Multitrans
Name of the Vulnerable Software and Affected Versions: RWS MultiTrans versions 7.0.23324.2 and earlier Description: The issue allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. Recommendations: For RWS MultiTrans...
CVE-2024-8167
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
PT-2024-19085 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 MR6 Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 MR4 Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 MR...
CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
SMTP Smuggling
sendmail is vulnerable to SMTP Smuggling. The vulnerability is due to injecting email messages with a spoofed MAIL FROM address using sendmail supports . sequence which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...
USN-6611-1 exim4 vulnerability
It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-51764
Postfix CVE-2023-51764 affects Postfix versions prior to fixed releases (e.g., 3.8.5 and earlier patched lines) and allows SMTP smuggling via non-standard end-of-data handling, enabling spoofed MAIL FROM and SPF bypass. Public advisories (ALMA/AMAZON/Linux distributions and Debian LTS) confirm th...
PT-2023-10638 · Unknown · Magnesium-Php
Name of the Vulnerable Software and Affected Versions: Magnesium-PHP versions up to 0.3.0 Description: A vulnerability was found in Magnesium-PHP, classified as problematic. The issue affects the formatEmailString function of the file src/Magnesium/Message/Base.php. The manipulation of the...
HTML Injection - real Aptabase emails
Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...