CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.0052EPSS

Exploits1References3

VulnCheck KEV•added 2017/06/20 12:0 a.m.•1 views

VulnCheck KEV: CVE-2017-5613

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...

7.8CVSS7.5AI score0.0052EPSS

Exploits1References1

seebug.org•added 2017/04/21 12:0 a.m.•36 views

cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)

SEC-212 Format string injection The ability to supply arbitrary format strings to cgiemail and cgiecho allowed code execution whenever a user was able to provide a cgiemail template file. Use CVE-2017-5613. SEC-214 Open redirect The cgiemail and cgiecho binaries served as an open redirect due to...

6.8CVSS7AI score0.0052EPSS

Exploits1

Tenable Nessus•added 2017/03/27 12:0 a.m.•28 views

Debian DLA-869-1 : cgiemail security update

The cPanel Security Team discovered several security vulnerabilities in cgiemail, a CGI program used to create HTML forms for sending mails : CVE-2017-5613 A format string injection vulnerability allowed to supply arbitrary format strings to cgiemail and cgiecho. A local attacker with permissions...

7.8CVSS6.9AI score0.0052EPSS

Exploits1References6

Debian•added 2017/03/24 12:6 p.m.•20 views

[SECURITY] [DLA 869-1] cgiemail security update

Package : cgiemail Version : 1.6-37+deb7u1 CVE ID : CVE-2017-5613 CVE-2017-5614 CVE-2017-5615 CVE-2017-5616 Debian Bug : 852031 The cPanel Security Team discovered several security vulnerabilities in cgiemail, a CGI program used to create HTML forms for sending mails: CVE-2017-5613 A format strin...

7.8CVSS7.1AI score0.0052EPSS

Exploits1

OSV•added 2017/03/24 12:0 a.m.•20 views

DLA-869-1 cgiemail - security update

Bulletin has no description...

7.8CVSS6.2AI score0.0052EPSS

Exploits1

NVD•added 2017/03/03 3:59 p.m.•15 views

CVE-2017-5616

Cross-site scripting XSS vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter...

6.1CVSS6AI score0.00271EPSS

Exploits1References3

OSV•added 2017/03/03 3:59 p.m.•0 views

UBUNTU-CVE-2017-5615

cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...

6.1CVSS7.2AI score0.00279EPSS

Exploits1References3

Prion•added 2017/03/03 3:59 p.m.•14 views

Format string

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...

6.8CVSS7.9AI score0.0052EPSS

Exploits1References3

NVD•added 2017/03/03 3:59 p.m.•11 views

CVE-2017-5614

Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the 1 success or 2 failure parameter...

6.1CVSS6.1AI score0.0038EPSS

Exploits1References3

OSV•added 2017/03/03 3:59 p.m.•0 views

UBUNTU-CVE-2017-5614

6.1CVSS7.3AI score0.0038EPSS

Exploits1References3

OSV•added 2017/03/03 3:59 p.m.•0 views

UBUNTU-CVE-2017-5616

Cross-site scripting XSS vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter...

6.1CVSS6.8AI score0.00271EPSS

Exploits1References3