FormMail Detection

The FormMail Script was found at this port. FormMail is a generic HTML form to e-mail gateway that parses the results of any form and sends them to the specified users. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

FormMail 1.92 XSS / HTTP Response Splitting

FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor http://www.scriptarchive.com/formmail.html Advisory...

FormMail 1.92 Multiple Vulnerabilities

FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor http://www.scriptarchive.com/formmail.html Advisory...

CVE-2006-3585

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the 1 login parameter in admin/cms/index.php, 2 unspecified parameters in the "Supply news" page in formmail.php, 3 the URL in the "Site statistics" page, and...

FormMail Insufficient Spam Protection

Matt Wright SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mattwright:formmail";...

CVE-2002-2109

CVE-2002-2109 affects Matt Wright FormMail 1.9 and earlier. The vulnerability allows remote attackers to bypass the HTTP_REFERER check and perform unauthorized activities by exploiting: (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3)...

CVE-2002-2109

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTPREFERER check and conduct unauthorized activities via 1 a blank referer, 2 a spoofed referer with a trusted domain/URL after the beginning of the referer, or 3 a spoofed referer with a trusted domain/URL in the beginni...

CVE-2002-1771

FormMail 1.9 and earlier contains a newline-injection flaw in the email/realname CGI variables that allows remote attackers to inject CC/BCC/TO fields, enabling spam or anonymous email. Affected component is the FormMail mailing script; impact is remote abuse without authentication. The provided ...

CVE-2002-1771

Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables...

CVE-2004-1431

FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the arfile auto-reply parameter...

Jacks FormMail.php remote file access vulnerability

Security Advisory Vendor: Jack Jack's Scripts Date: 31-Dec-2004 Script: FormMail.php Site: http://dtheatre.com/scripts/formmail.php Type: Remote Severity: High Version: 5.0 maybe others Script Overview: Jacks FormMail.php script is a simple PHP script that allows web site owners to easily email...

CVE-2004-1431

FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the arfile auto-reply parameter...

formmail (PHP) Upload file using CSS

Informations : °°°°°°°°°°°°°° Website : http://www.dtheatre.com/scripts/ Version : all Problem : Upload file PHP Code/Location : °°°°°°°°°°°°°°°°°°° formmail.php : ------------------------------------------------------------------ function checkreferer$referers if count$referers $found = false;...

XSS (Cross Site Scripting) on FormMail.CGI

Topic: XSS Cross Site Scripting on FormMail.CGI Version: 1.92 Released: April 21, 2002 Manufacturer: http://www.scriptarchive.com/formmail.html By XyborG - [email protected] - http://www.rzweb.com.ar/ Formmai.cgi, it is a utility that serves to send forms by email, among other uses. The operatio...

FormMail-Clone - Cross-Site Scripting

source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious link to the script which contains...

FormMail-Clone - Cross-Site Scripting

FormMail-Clone - Cross-Site Scripting source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious...

CVE-2002-1771

Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables...

CVE-2002-2109

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTPREFERER check and conduct unauthorized activities via 1 a blank referer, 2 a spoofed referer with a trusted domain/URL after the beginning of the referer, or 3 a spoofed referer with a trusted domain/URL in the beginni...

Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

A more easy-on-the-eyes Postscript version of the following advisory may be viewed at: http://www.monkeys.com/anti-spam/formmail-advisory.ps An entertaining working demonstration of a 100 client-side Javascript exploit for older and already well-known FormMail 1.6 version security flaws may be...

Маленькая дырка в formmail

Атакующий может просмотреть переменные окружения на сервере. Кроме того, возможна безнаказанная рассылка спама...