84 matches found
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
procmail buffer overflow
Buffer overflow on mail headers parsing...
USN-2340-1: procmail vulnerability
Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code...
Youngzsoft CMailServer 4.0 RCPT TO Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7548/info A buffer overflow vulnerability has been reported for CMailServer. The vulnerability exists due to insufficient bounds checking when parsing e-mail headers. Specifically, an overly long RCPT TO e-mail header wil...
openSUSE Security Update : dovecot12 (dovecot12-4609)
dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot12-4609. The text description of this plugin is C SUSE...
openSUSE Security Update : dovecot20 (dovecot20-4610)
dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot20-4610. The text description of this plugin is C SUSE...
openSUSE Security Update : dovecot12 (openSUSE-SU-2011:0540-1)
dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot12-4609. The text description of this plugin is C SUSE...
SuSE 11.3 Security Update : mutt (SAT Patch Number 9023)
The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...
Crlf injection
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...
CVE-2013-6003
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...
CVE-2013-6003
CVE-2013-6003 affects Cybozu Garoon 3.1–3.5 SP5. A CRLF injection vulnerability exists in the Phone Messages forwarding feature that allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. The root cause is improper handling of header data during mail forward...
Design/Logic Flaw
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...
CVE-2012-0796
CVE-2012-0796 affects the PHPMailer library (used by Moodle and other products). The vulnerability allows remote authenticated users to inject arbitrary email headers via crafted From: or Sender: headers in PHPMailer before certain versions. Affected ranges include PHPMailer 2.2.x before 2.2.1 (a...
CVE-2012-0796
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...
[SECURITY] [DSA 2421-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2421-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2421-1 : moodle - several vulnerabilities
Several security issues have been fixed in Moodle, a course management system for online learning : - CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php. - CVE-2011-4584 MNet authentication didn't prevent a user using 'Login as' from jumping to a...