CVE-2001-0357

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email spam by modifying the recipient and message parameters...

CVE-2001-0357

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email spam by modifying the recipient and message parameters...

CVE-2001-0357

FormMail vulnerability CVE-2001-0357 affects FormMail.pl (FormMail) 1.6 and earlier. An attacker can remotely modify recipient and message parameters to send anonymous email, effectively enabling spam through the vulnerable script. Connected OpenVAS data identifies affected versions (All versions...

CORRECTION to CODE: FormMail.pl can be used to send anonymous email

Hi All, I did a little playing with FormMail.pl after a run in with a spammer abusing our webserver. Apparently ALL FormMail.pl cgi-bin scripts can be used to spam anonymously. I found another server with FormMail.pl and tried the same exploit to send myself an email and it worked. The email will...

CVE-2000-0255

The CVE-2000-0255 entry affects the Nbase-Xyplex EdgeBlaster router. The vulnerability arises when an attacker performs a scan for the FormMail CGI program, which can cause a denial of service. Documented impact is network-based, with availability impact described as PARTIAL. The provided sources...

CVE-2000-0255

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program...

CVE-2000-0411

CVE-2000-0411 concerns Matt Wright’s FormMail CGI script. The vulnerability allows remote attackers to obtain environmental variables via the env_report parameter, potentially exposing sensitive system information. Connected PT-2000-1353 notes affected versions are not specified and provides no f...

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

CVE-2000-0411

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the envreport parameter...

Matt Wright FormMail 1.61.71.8 - Environmental Variables Disclosure

Matt Wright FormMail 1.61.71.8 - Environmental Variables Disclosure source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL th...

PT-2000-1353 · Matt Wright · Matt Wright'S Formmail Cgi Script

Name of the Vulnerable Software and Affected Versions: Matt Wright's FormMail CGI script affected versions not specified Description: The issue allows remote attackers to obtain environmental variables via the env report parameter. This could potentially expose sensitive information about the...

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure

source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...

CVE-2000-0255

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program...

Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay

The 'formmail.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: -...

CVE-1999-0172

FormMail CGI program allows remote execution of commands...

CVE-1999-0173

CVE-1999-0173 relates to the FormMail CGI program, with multiple sources confirming that it can be used by web servers other than the host where it resides. The connected documentation identifies the affected component as FormMail CGI, but does not provide a detailed root cause or a confirmed fix...

CVE-1999-0172

The CVE-1999-0172 entry corresponds to the FormMail CGI (formmail.pl) vulnerability. Public docs describe a well-known security flaw in the FormMail CGI that lets remote attackers execute arbitrary commands on the server with the privileges of the HTTP daemon (often root or nobody). Affected comp...

CVE-1999-0173

FormMail CGI program can be used by web servers other than the host server that the program resides on...

Matt Wright FormMail 1.x - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/2080/info FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other...

PT-1997-1076 · Nms · Formmail Cgi

Name of the Vulnerable Software and Affected Versions: FormMail CGI program affected versions not specified Description: The issue concerns the FormMail CGI program, which can be utilized by web servers other than the host server where the program resides. Recommendations: At the moment, there is...