
56 matches found

CVE
added 2021/06/24 3:19 p.m. · 41 views

CVE-2020-21783

CVE-2020-21783 refers to an XSS vulnerability in IBOS 4.5.4 where the issue is in the emailbody[content] parameter. Publicly documented impact supports cross-site scripting with user interaction likely required per CVSS3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). NVD lists base scores of 4.3...

6.1 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Node.js
added 2020/10/16 6:59 p.m. · 28 views

Regular Expression Denial of Service

Overview: npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this...

6.8 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2020/10/16 6:56 p.m. · 20 views

GHSA-XGH6-85XH-479P Regular Expression Denial of Service in npm-user-validate

npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this function to...

7.5 CVSS · 8.3 AI score · 0.01798 EPSS
Exploits: 1 · References: 1

Github Security Blog
added 2020/10/16 6:56 p.m. · 29 views

Regular Expression Denial of Service in npm-user-validate

npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this function to...

3.5 AI score
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/10/11 12:00 a.m. · 2 views

PT-2019-8550 · Graphite +2

Name of the Vulnerable Software and Affected Versions: Graphite versions through 1.1.5; Graphite version 1.1.5. Description: The send email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery (SSRF). An attacker can use the vulnerable SSRF endpoint ...

8.7 CVSS · 5.5 AI score · 0.91616 EPSS
Exploits: 4 · References: 40

CNVD
added 2017/05/31 12:00 a.m. · 1 views

XSS Vulnerability in Baoding OA Email Function

Baoding OA system is an office system for enterprises. An XSS vulnerability exists in the email function of Baoding OA. An attacker can exploit this vulnerability to gain administrator privileges, steal data, etc...

6.6 AI score
Exploits: 0

CNVD
added 2015/11/27 12:00 a.m. · 1 views

D-Link DIR-866L 'HNAP' and 'Send Email' Function Buffer Overflow Vulnerability

D-Link DIR-866L is a wireless router product from AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-866L. An attacker can exploit this vulnerability to execute arbitrary code in an affected application, which may also result in a denial of service...

8.1 AI score
Exploits: 0 · References: 1

0day.today
added 2015/05/23 12:00 a.m. · 17 views

WordPress Video Gallery 2.8 Unprotected Mail Page Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/06 12:00 a.m. · 33 views

Oracle BI Mobile HD v11.x iOS - Persistent UI Vulnerability

Document Title: Oracle BI Mobile HD v11.x iOS - Persistent UI Vulnerability. References (Source): http://vulnerability-lab.com/getcontent.php?id=1361 Oracle Security ID: S0540289 Tracking ID: S0540289 Reporter ID: 1 2015Q1 Release Date: 2015-05-06...

7.4 AI score
Exploits: 0

NVD
added 2011/01/28 4:00 p.m. · 9 views

CVE-2011-0018

The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)...

9 CVSS · 7.1 AI score · 0.1169 EPSS
Exploits: 5 · References: 8

Prion
added 2011/01/28 4:00 p.m. · 12 views

Cross site request forgery (csrf)

The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)...

9 CVSS · 7.4 AI score · 0.1169 EPSS
Exploits: 5 · References: 8 · Affected Software: 1

CVE
added 2011/01/28 3:00 p.m. · 48 views

CVE-2011-0018

CVE-2011-0018 concerns the OpenVAS Manager command injection via the email function in manage_sql.c. Affected are OpenVAS Manager 1.0.x (up to 1.0.3) and 2.0.x (up to 2.0rc2). The root cause is insufficient validation of user-supplied data in OMP requests processed by Greenbone Security Assistant...

9 CVSS · 7.2 AI score · 0.1169 EPSS
Exploits: 5 · References: 8 · Affected Software: 1

Cvelist
added 2011/01/28 3:00 p.m. · 16 views

CVE-2011-0018

The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)...

7.1 AI score · 0.1169 EPSS
Exploits: 5 · References: 8

Cvelist
added 2008/08/22 4:00 p.m. · 15 views

CVE-2008-3768

Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an editregistry action to index.php, (2) a vector involving the checkemail function, and other vectors...

8.4 AI score · 0.01409 EPSS
Exploits: 1 · References: 8

Prion
added 2007/08/27 9:17 p.m. · 14 views

Command injection

emailin.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f From address option to the Email::Send::Sendmail function, probably involving shell metacharacters...

5 CVSS · 7.8 AI score · 0.0087 EPSS
Exploits: 1 · References: 11 · Affected Software: 1

Packet Storm
added 1999/12/18 12:00 a.m. · 31 views

nav2000.dos.txt

Hello, I just found somewhat of a problem in Symantec's Email protection in NAV2000. The Protection program leaves a pop server running on the local workstation NAV2000 is installed on.. This server can be crashed somewhat like this telnet 1.1.1.1 USER over 1200 char Then, GPF in windows98 POPROX...

7.4 AI score
Exploits: 0