31 matches found
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions = 3.6.7. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.8...
Remote Code Execution (RCE)
libspf2 is vulnerable to remote code execution. The vulnerability exists due to a heap-based buffer overflow in SPFrecordexpanddata in spfexpand.c in the system allowing an attacker to execute maliciously crafted script via an unauthenticated email message...
CVE-2021-33912
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPFrecordexpanddata in spfexpand.c...
DEBIAN-CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...
CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...
UBUNTU-CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...
PT-2022-10300 · Libspf2 +3 · Libspf2 +3
Name of the Vulnerable Software and Affected Versions: libspf2 versions prior to 1.2.11 Description: The issue is a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS...
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...
Microsoft Exchange 2019 - Unauthenticated Email Download Exploit
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and automated downloads of...