14 matches found
Discourse Access Control Error Vulnerability
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contained an access control vulnerability. This vulnerability stemm...
Over 100 Chrome extensions break WhatsApp’s anti-spam rules
Recent research by Socket’s Threat Research Team uncovered a massive, coordinated campaign flooding the Chrome Web Store with 131 spamware extensions. These add-ons hijack WhatsApp Web—the browser version of WhatsApp—to automate bulk messages and skirt anti-spam controls. Spamware is software tha...
CVE-2023-0816
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections...
PT-2024-37431 · WordPress · Unlimited Elements For Elementor
Name of the Vulnerable Software and Affected Versions: The Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.112 Description: The issue is related to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a...
Check your DNS! Abandoned domains used to bypass spam checks
Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...
CVE-2023-0816
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections...
PT-2023-16545 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.1 Description: The issue allows IP Address spoofing and bypass of anti-spam protections by using several potentially untrusted headers to determine the client's IP address. Recommendations...
SUSE CVE-2005-3351
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients "To" addresses, which triggers a bus error in Perl...
WordPress plugin WP-EMail Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin WP-EMail version 2.69.0 has a security vulnerability that stems from obtaining a...
CVE-2018-15136
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...
CVE-2016-1438
Cisco AsyncOS 9.7.0-125 on Email Security Appliance ESA devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210...
Cisco Email Security Appliance AsyncOS Security Bypass Vulnerability
Cisco AsyncOS on Email Security Appliance ESA is a set of operating systems running in the Email Security Appliance ESA from Cisco USA. A security bypass vulnerability exists in Cisco AsyncOS version 9.7.0-125 on Cisco ESA appliances. A remote attacker could exploit this vulnerability to bypass...
CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
CVE-2002-1790
The SMTP service in Microsoft Internet Information Services IIS 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682...