Lucene search
K

84 matches found

Friends Of PHP
Friends Of PHP
added 2015/05/19 5:40 p.m.23 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/07 8:16 a.m.18 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/07 8:16 a.m.23 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/07 8:16 a.m.20 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.39 views

procmail buffer overflow

Buffer overflow on mail headers parsing...

7.5CVSS4AI score0.08525EPSS
Exploits1References1Affected Software1
Ubuntu
Ubuntu
added 2014/09/04 5:39 p.m.49 views

USN-2340-1: procmail vulnerability

Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.3AI score0.08525EPSS
Exploits1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Youngzsoft CMailServer 4.0 RCPT TO Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7548/info A buffer overflow vulnerability has been reported for CMailServer. The vulnerability exists due to insufficient bounds checking when parsing e-mail headers. Specifically, an overly long RCPT TO e-mail header wil...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.16 views

openSUSE Security Update : dovecot12 (dovecot12-4609)

dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot12-4609. The text description of this plugin is C SUSE...

5CVSS5.2AI score0.0325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.31 views

openSUSE Security Update : dovecot20 (dovecot20-4610)

dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot20-4610. The text description of this plugin is C SUSE...

5CVSS5.2AI score0.0325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.19 views

openSUSE Security Update : dovecot12 (openSUSE-SU-2011:0540-1)

dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot12-4609. The text description of this plugin is C SUSE...

5CVSS5.2AI score0.0325EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/04/02 12:0 a.m.25 views

SuSE 11.3 Security Update : mutt (SAT Patch Number 9023)

The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...

5CVSS5.5AI score0.05155EPSS
Exploits1References3
Prion
Prion
added 2013/12/05 12:55 p.m.22 views

Crlf injection

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...

3.5CVSS6.9AI score0.00962EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/12/05 11:0 a.m.26 views

CVE-2013-6003

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...

6.5AI score0.00962EPSS
Exploits0References4
CVE
CVE
added 2013/12/05 11:0 a.m.46 views

CVE-2013-6003

CVE-2013-6003 affects Cybozu Garoon 3.1–3.5 SP5. A CRLF injection vulnerability exists in the Phone Messages forwarding feature that allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. The root cause is improper handling of header data during mail forward...

3.5CVSS6.6AI score0.00962EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2012/07/17 10:20 a.m.20 views

Design/Logic Flaw

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...

4CVSS6.6AI score0.01677EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/07/17 10:0 a.m.82 views

CVE-2012-0796

CVE-2012-0796 affects the PHPMailer library (used by Moodle and other products). The vulnerability allows remote authenticated users to inject arbitrary email headers via crafted From: or Sender: headers in PHPMailer before certain versions. Affected ranges include PHPMailer 2.2.x before 2.2.1 (a...

4CVSS6AI score0.01677EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/07/17 10:0 a.m.33 views

CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...

5.9AI score0.01677EPSS
Exploits0References4
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.123 views

[SECURITY] [DSA 2421-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...

6.8CVSS0.9AI score0.02149EPSS
Exploits0
OpenVAS
OpenVAS
added 2012/03/12 12:0 a.m.27 views

Debian: Security Advisory (DSA-2421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.02149EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/03/01 12:0 a.m.36 views

Debian DSA-2421-1 : moodle - several vulnerabilities

Several security issues have been fixed in Moodle, a course management system for online learning : - CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php. - CVE-2011-4584 MNet authentication didn't prevent a user using 'Login as' from jumping to a...

6.8CVSS5.4AI score0.02149EPSS
Exploits0References24
Rows per page
Query Builder