439 matches found
CVE-2025-3929 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
VulnCheck KEV: CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
PT-2025-18143 · Unknown · Mdaemon Email Server
Name of the Vulnerable Software and Affected Versions: MDaemon Email Server versions 25.0.1 and below Description: A Stored Cross-Site Scripting XSS issue was discovered, allowing a remote attacker to send a specially crafted HTML e-mail message with JavaScript in an img tag. This could enable th...
MDaemon Email Server 安全漏洞
MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server 25.0.1 and earlier versions, which originates from JavaScript code in specially crafted HTML emails and could lead to a cross-site scripting attack...
PT-2025-7938 · Zimbra · Zimbra Email Server
Name of the Vulnerable Software and Affected Versions: Zimbra Email Server affected versions not specified Description: A Credential Disclosure issue exists due to the lack of encryption, allowing an administrator to extract stored SMTP account credentials. Recommendations: At the moment, there i...
GoPhish sends cleartext passwords
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
Careto is back: what’s new after 10 years of silence?
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, our researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182
MDaemon Email Server is affected by CVE-2024-11182: an XSS in HTML emails containing JavaScript in an img tag, exploitable in the webmail UI prior to version 24.5.1c. Impact is loading arbitrary JavaScript in the browser context of a webmail user. The vendor patched to 24.5.1c (Nov 14, 2024); exp...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window. Recent assessments: Assess...
MDaemon Email Server 安全漏洞
MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server versions prior to 24.5.1c, which stems from the presence of a cross-site scripting XSS vulnerability that could allow a remote attacker to load arbitrary JavaScript code in the conte...
PT-2024-16805
Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...
USN-7013-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. CVE-2024-23184 It was discovered that Dovecot incorrectly handled very large headers. A remo...
USN-6939-1 exim4 vulnerability
Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...
The vulnerability of the rspamd_maps() function in the Docker-based email server deployment and management tool, mailcow:dockerized, allows a attacker to execute arbitrary code.
The vulnerability of the rspamdmaps function in the Docker-based email server deployment and management tool, mailcow:dockerized, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system from China's TerraMaster Corporation TerraMaster that is dedicated to the TerraMaster Cloud Storage NAS server. A security vulnerability exists in TerraMaster TOS version 5.1 and prior versions, which stems from the use of hard-coded credentials. ...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...