Lucene search
+L

31 matches found

NVD
NVD
added 2023/09/19 7:15 a.m.37 views

CVE-2023-5054

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...

5.8CVSS5.6AI score0.00542EPSS
Exploits0References3
OSV
OSV
added 2023/09/19 7:15 a.m.6 views

CVE-2023-5054

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...

5.3CVSS5.9AI score0.00542EPSS
Exploits0References3
Patchstack
Patchstack
added 2022/03/22 12:0 a.m.29 views

WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions = 3.6.7. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.8...

2.8AI score
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/01/20 10:30 a.m.23 views

Remote Code Execution (RCE)

libspf2 is vulnerable to remote code execution. The vulnerability exists due to a heap-based buffer overflow in SPFrecordexpanddata in spfexpand.c in the system allowing an attacker to execute maliciously crafted script via an unauthenticated email message...

9.8CVSS4.7AI score0.09643EPSS
Exploits1References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/01/19 6:15 p.m.2 views

CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPFrecordexpanddata in spfexpand.c...

9.8CVSS7.6AI score0.09643EPSS
Exploits1References5
OSV
OSV
added 2022/01/19 6:15 p.m.2 views

DEBIAN-CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...

9.8CVSS8.6AI score0.09643EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/01/19 6:15 p.m.24 views

CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...

9.8CVSS7.5AI score0.09643EPSS
Exploits1References4
OSV
OSV
added 2022/01/19 6:15 p.m.4 views

UBUNTU-CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...

9.8CVSS7.7AI score0.09643EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/01/19 12:0 a.m.3 views

PT-2022-10300 · Libspf2 +3 · Libspf2 +3

Name of the Vulnerable Software and Affected Versions: libspf2 versions prior to 1.2.11 Description: The issue is a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS...

9.8CVSS8.3AI score0.51474EPSS
Exploits2References36
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.754 views

Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...

9.8CVSS9.5AI score0.99999EPSS
Exploits65
0day.today
0day.today
added 2021/05/18 12:0 a.m.182 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and automated downloads of...

9.8CVSS0.99999EPSS
Exploits63
Rows per page
Query Builder