Lucene search
K

4 matches found

Cvelist
Cvelist
added 2023/05/26 8:3 p.m.41 views

CVE-2023-33185 Incorrect signature verification in django-ses

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

4.6CVSS5.7AI score0.00233EPSS
Exploits1References3
Kitploit
Kitploit
added 2022/04/11 12:30 p.m.39 views

Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it ca...

7AI score
Exploits0References2
Hacker One
Hacker One
added 2020/03/18 8:0 p.m.41 views

HackerOne: Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service

This was a DoS based on triggering a lot of bounced emails via SES service which could put our email sending up for review with AWS. The vulnerability was due to unrestricted invitations on sandbox programs which allowed an attacker to generate an infinite number of bounced emails. We had applied...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/04/29 1:5 p.m.21 views

Nextcloud: Missing Rate Limiting protection leading to mass triggering of e-mails

The issue is that there is a speed bump missing in the subscription of e-mail for a user. This would eventually let the attacker spam to any random e-mail resulting in exhaustion of resources on your side and I see that you are using Amazon AWS's SES where you are charged per e-mail. If a dedicat...

6.8AI score
Exploits0
Rows per page
Query Builder