106 matches found
SMTP Injection in PHPMailer
Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. Patches Fixed in 5.2.14 in this commit. Workarounds Manually strip line breaks from email addresses before passing...
Microsoft Windows Mail HTML Line Breaking Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logic that implements automatic line breaks when displaying HTML content in the...
DEBIAN-CVE-2018-1000164
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
Input validation
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
UBUNTU-CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
php: HTTP response splitting in header() function
The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...
HTTP header injection using line breaks
More info at https://www.drupal.org/SA-CORE-2016-001...
PHPmailer -- SMTP injection vulnerability
PHPMailer changelog reports: Fix vulnerability that allowed email addresses with line breaks valid in RFC5322 to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada...
Privilege escalation
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
php: HTTP response splitting in header() function
The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...
CentOS 5 : conga (CESA-2013:0128)
Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...
Vulnerability in core server (CVE-2012-0868)
Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...
Mandriva Update for postgresql MDVSA-2012:026 (postgresql)
Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:026 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)
Check for the Version of postgresql8.3 OpenVAS Vulnerability Test Mandriva Update for postgresql8.3 MDVSA-2012:027 postgresql8.3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026)
Multiple vulnerabilities has been discovered and corrected in postgresql : Permissions on a function called by a trigger are not properly checked CVE-2012-0866. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party...
PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities
Binary data 6337.prm...