33 matches found
EUVD-2023-0555
Malicious code in bioql PyPI...
EUVD-2025-4972
Malicious code in bioql PyPI...
EUVD-2023-1405
Malicious code in bioql PyPI...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Denial Of Service (DoS)
Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
PT-2023-20578 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...
Command injection
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935 Apache James server: Temporary File Information Disclosure
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935
CVE-2022-45935 affects Apache James server (3.7.2 and earlier). The issue is insecure permissions on temporary files used by the server, enabling a local attacker to access private user data in transit. Affected components include the SMTP stack and the IMAP APPEND command. The published CVSSv3.1...
PT-2023-14802 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.2 and prior versions Description: The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server...
GHSA-CGVF-22VV-83H5 Apache James Server OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors...
GHSA-V84G-CF5J-XJQX Path Traversal in Apache James Server
Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users...
Apache James Server 2.3.2 Remote Command Execution
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...
Apache James Server 2.3.2 - Remote Command Execution (Authenticated) Exploit (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu...
POC-EXP
This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities. The exploits are written in Python and target different applications, including Apache James Server, Apache Flink Web Dashboard, and Apache Solr. The Apache James Server exploit is a remote command...