Lucene search
K

106 matches found

Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.79 views

SMTP Injection in PHPMailer

Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. Patches Fixed in 5.2.14 in this commit. Workarounds Manually strip line breaks from email addresses before passing...

5CVSS9AI score0.01988EPSS
Exploits0References12Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2019/05/15 12:0 a.m.31 views

Microsoft Windows Mail HTML Line Breaking Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logic that implements automatic line breaks when displaying HTML content in the...

7.7CVSS2.6AI score0.12934EPSS
Exploits0References1
OSV
OSV
added 2018/04/18 7:29 p.m.1 views

DEBIAN-CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS7.5AI score0.02431EPSS
Exploits1References1
OSV
OSV
added 2018/03/20 5:29 p.m.5 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS5.8AI score0.02863EPSS
Exploits0References1
Prion
Prion
added 2018/03/20 5:29 p.m.19 views

Input validation

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

5CVSS7.3AI score0.02863EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2018/03/20 5:29 p.m.34 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7AI score0.02863EPSS
Exploits0References2
OSV
OSV
added 2018/03/20 5:29 p.m.4 views

UBUNTU-CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS5.8AI score0.02863EPSS
Exploits0References3
NVD
NVD
added 2018/03/20 5:29 p.m.22 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7.4AI score0.02863EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/03/20 5:0 p.m.35 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7.4AI score0.02863EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.5 views

php: HTTP response splitting in header() function

The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...

6.1CVSS7.2AI score0.02959EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.24 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9CVSS7.2AI score0.01179EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2015/11/05 12:0 a.m.13 views

PHPmailer -- SMTP injection vulnerability

PHPMailer changelog reports: Fix vulnerability that allowed email addresses with line breaks valid in RFC5322 to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada...

1.6AI score
Exploits0References1
Prion
Prion
added 2015/10/09 2:59 p.m.16 views

Privilege escalation

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...

6.8CVSS7.3AI score0.02135EPSS
Exploits0References9Affected Software7
RedHat Linux
RedHat Linux
added 2015/06/04 8:2 a.m.3 views

php: HTTP response splitting in header() function

The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...

6.1CVSS7.2AI score0.02959EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/01/17 12:0 a.m.25 views

CentOS 5 : conga (CESA-2013:0128)

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

3.7CVSS5.6AI score0.0034EPSS
Exploits0References4
PostrgeSql
PostrgeSql
added 2012/07/18 11:0 p.m.610 views

Vulnerability in core server (CVE-2012-0868)

Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...

6.8CVSS7AI score0.0257EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2012/03/07 12:0 a.m.30 views

Mandriva Update for postgresql MDVSA-2012:026 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:026 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

6.8CVSS0.03625EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2012/03/07 12:0 a.m.24 views

Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)

Check for the Version of postgresql8.3 OpenVAS Vulnerability Test Mandriva Update for postgresql8.3 MDVSA-2012:027 postgresql8.3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

6.8CVSS0.03625EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2012/03/01 12:0 a.m.39 views

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026)

Multiple vulnerabilities has been discovered and corrected in postgresql : Permissions on a function called by a trigger are not properly checked CVE-2012-0866. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party...

6.8CVSS7.8AI score0.03625EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/02/28 12:0 a.m.52 views

PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities

Binary data 6337.prm...

6.8CVSS7AI score0.03625EPSS
Exploits1References5
Rows per page
Query Builder