Lucene search
K

8 matches found

Openbugbounty
Openbugbounty
added 2024/04/04 1:24 p.m.6 views

us.dorama.info Cross Site Scripting vulnerability OBB-3902031

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/05 12:0 a.m.16 views

nginx Information Disclosure Vulnerability (CVE-2014-3556)

nginx is prone to an information disclosure vulnerability in the SMTP proxy. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

6.8CVSS6.5AI score0.07832EPSS
Exploits0References2
OSV
OSV
added 2014/12/29 8:59 p.m.10 views

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.7AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2014/12/29 8:59 p.m.38 views

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS5.9AI score0.07832EPSS
Exploits0References2
CVE
CVE
added 2014/12/29 8:0 p.m.114 views

CVE-2014-3556

The CVE-2014-3556 entry affects nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4. The STARTTLS implementation in mail/ngx_mail_smtp_handler.c allows an MITM to inject commands into encrypted SMTP sessions by sending a cleartext command after TLS is established, due to insufficient I/O bu...

6.8CVSS6.8AI score0.07832EPSS
Exploits0References4Affected Software1
Nginx
Nginx
added 2014/12/29 8:0 p.m.260 views

STARTTLS command injection

STARTTLS command injection Severity: medium CVE-2014-3556 Not vulnerable: 1.7.4+, 1.6.1+ Vulnerable: 1.5.6-1.7.3...

6.8CVSS6.5AI score0.07832EPSS
Exploits0References1Affected Software1
ALT Linux
ALT Linux
added 2014/08/06 12:0 a.m.18 views

Security fix for the ALT Linux 9 package nginx version 1.6.1-alt1

Aug. 6, 2014 Denis Smirnov 1.6.1-alt1 - 1.6.1 - CVE-2014-3556...

6.8CVSS7.1AI score0.07832EPSS
Exploits0
FreeBSD
FreeBSD
added 2014/08/05 12:0 a.m.34 views

nginx -- inject commands into SSL session vulnerability

The nginx project reports: Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556; the bug had appeared in 1.5.6...

6.8CVSS6.7AI score0.07832EPSS
Exploits0References1
Rows per page
Query Builder