5 matches found
FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...
CVE-2022-24838
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...
CVE-2022-24838
The CVE-2022-24838 issue affects Nextcloud Calendar (the calendar app for Nextcloud). The vulnerability arises because newlines and special characters in the email value within the JSON request are not sanitized, allowing an attacker to break out of the SMTP command RCPT TO: and inject arbitrary ...
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...