166 matches found
CVE-2017-11737
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2388-1)
This update for OpenSSH fixes the following issues : - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc97063...
SUSE-SU-2016:2388-1 Security update for openssh
This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc970632...
WordPress Users Ultra 1.3.37 SQL Injection
Title : Wordpress Users Ultra Plugin - SQL injection Vulnerability Risk : High+/Critical Author : XroGuE Google Dork : inurl: wp-content/plugins/users-ultra/ Plugin Version : 1.3.37 Plugin Name : users ultra Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip Vendor Home...
Mail.ru: touch.mail.ru XSS via message id
воспроизводится в IE11 уязвимы элементы принимающие значение id письма. к примеру https://touch.mail.ru/cgi-bin/msglistreadmsg/14112810510000000915"...
dedecms5. 7 latest sql injection exploit guestbook. php-vulnerability warning-the black bar safety net
Impact version 5. 7 Vulnerability file edit. inc. php specific code: ExecuteNoneQuery" DELETE FROM @guestbook WHERE id='$id' "; ShowMsg"successfully deleted a message!", $GUESTBOOKPOS; exit; else if$job=='check' && $gisadmin $dsql-ExecuteNoneQuery" UPDATE @guestbook SET ischeck=1 WHERE id='$id' "...
Magic magiclink-vulnerability warning-the black bar safety net
Magic control MagicLink1. 4 remote control software Version 1.4 update 1. Using a more complex encryption algorithm, the encrypted message information. 2. You can set the Message ID to make the connection more secure,1.4the previous Server version, the message identity is set toCMJSPY2INFO 1....
Mozilla Foundation Security Advisory 2007-15
Title: Security Vulnerability in APOP Authentication Impact: Moderate Announced: May 30, 2007 Reporter: Gatan Leurent Products: Thunderbird, SeaMonkey Fixed in: Thunderbird 1.5.0.12 Thunderbird 2.0.0.4 SeaMonkey 1.0.9 SeaMonkey 1.1.2 Description Gatan Leurent informed us of a weakness in APOP...
SECURITY.NNOV: The Bat! 2.x message headers spoofing
Title: The Bat! 2.x message headers spoofing Author: 3APA3A [email protected] Homepage: http://www.security.nnov.ru/ Advisory URL: http://www.security.nnov.ru/advisories/thebatspoof.asp Vendor: RitLabs Vendor's page http://thebat.net/ Application: The Bat 2.x 2.12.04 tested Not vulnerable:...
CVE-2005-0127
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine...
Apple Mac OS X vulnerable to information disclosure in "Message-ID" header
Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...
CVE-2005-0127
CVE-2005-0127 affects Mac OS X 10.3.7 Mail: the Message-ID header includes a GUUID that reveals the MAC address of the sending machine, enabling remote attackers to correlate mail with a specific system. Impact is system identification via email; exploitation details are not provided in the conne...
CVE-2005-0127
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine...
CVE-2004-2677
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP qwik-smtpd 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the 1 clientRcptTo array, and the 2 Received and 3 messageID variables, possibly involving HELO and hostname arguments...
Mandrake Linux Security Advisory : leafnode (MDKSA-2003:005)
A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposed to several groups, one of which is the prefix...
Leafnode CPU exhaustion
If message is crossposted to few groups where one is prefix for another and then requested by message id programs goes into infinite loop...
leafnode denial-of-service triggered by article request
The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...
CVE-2001-1174
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header...
CVE-2001-1174
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header...
CVE-2000-0472
CVE-2000-0472 describes a buffer overflow in INN (innd) 2.2.2 that allows a remote attacker to execute arbitrary commands via a cancel request containing a long message ID. Documents indicate the impact is remote code execution and that remediation is to upgrade to version 2.2.3 or disable the ve...