121 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-14461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23186
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 An issue has been discovered in GitLab CE/EE aff...
Microsoft Outlook Remote Code Execution 0day Exploit
Microsoft Outlook Remote Code Execution 0day Exploit - zero-click exploit leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment...
CVE-2022-37309
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name...
CVE-2022-3033
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...
Snapt Aria has an unspecified vulnerability
Snapt Aria is an enterprise ADC solution from Snapt USA that provides a load balancer, web accelerator, web application firewall (WAF), global server load balancer (GSLB), etc. A security vulnerability exists in Snapt Aria v12.8, which could be exploited by an unauthenticated attacker to send emails fr...
CVE-2021-42009
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
CVE-2021-36092
It's possible to create an email which contains a specially crafted link, and it can be used to perform an XSS attack. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior version...
CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
WordPress MStore API Authorization Issue Vulnerability
MStore API is an open-source WordPress plugin. It provides configuration for Mstore and FluxStore mobile devices and REST API support for connecting to the application's features. A security vulnerability exists in MStore API WordPress plugin versions before 3.2.0 that can be...
SonicWall SMA100 Authorization Issues Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An authorization issue vulnerability exists in SonicWall SMA100 version 10.2.0.5 and prior versions, which can be exploited by an attacker to export a target profile to a specified email address...
MGASA-2021-0067 Updated messagelib packages fix a security vulnerability
In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...
Security Bulletin: IBM Content Navigator is vulnerable to an email exploit
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details Third Party Entry: PSIRT-ADV0028011 DESCRIPTION: Created from Advisory: ADV0028011 CVSS Base score: 5.9 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products and Versions Affected...
Dovecot Denial of Service Vulnerability (CNVD-2021-01531)
Dovecot is an open source IMAP and POP3 mail server for Linux/Unix. A denial of service vulnerability exists in Dovecot versions prior to 2.3.13. The vulnerability stems from improper input validation issues with lda, lmtp, and imap. An attacker could exploit the vulnerability via a specially...
CVE-2020-9364
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactformupload parameter. An attacker could exploit this...
CentOS Web Panel elevation of privilege vulnerability (CNVD-2019-32250)
CentOS Web Panel is a Linux web hosting control panel. An elevation of privilege vulnerability exists in CentOS Web Panel, which can be exploited by an attacker to change the value of an email exploit in an affected user account...
CVE-2019-1777
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
-*- coding: utf-8 -*- Created on Thu Feb 21 01:32:50 2019 @author: César """ Exploit Title: Microsoft Visio 2016 16.0.4738.1000 "Log in accounts" allows go on with email formed by one thousand A in every of its parts [email protected] Discovered by: César Adrián Coronado Llanos Discovered...