23 matches found

seebug.org
added 2014/07/01 12:0 a.m., 18 views

Youngzsoft CMailServer 4.0 RCPT TO Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7548/info A buffer overflow vulnerability has been reported for CMailServer. The vulnerability exists due to insufficient bounds checking when parsing e-mail headers. Specifically, an overly long RCPT TO e-mail header wil...

AI score 7.1
Exploits 0

Prion
added 2013/12/05 12:55 p.m., 18 views

Crlf injection

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...

CVSS 3.5, AI score 6.9, EPSS 0.00218
Exploits 0, References 4, Affected Software 1

CVE
added 2013/12/05 11:0 a.m., 40 views

CVE-2013-6003

CVE-2013-6003 affects Cybozu Garoon 3.1–3.5 SP5. A CRLF injection vulnerability exists in the Phone Messages forwarding feature that allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. The root cause is improper handling of header data during mail forward...

CVSS 3.5, AI score 6.6, EPSS 0.00218
Exploits 0, References 4, Affected Software 1

Cvelist
added 2013/12/05 11:0 a.m., 19 views

CVE-2013-6003

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors...

AI score 6.5, EPSS 0.00218
Exploits 0, References 4

Prion
added 2012/07/17 10:20 a.m., 16 views

Design/Logic Flaw

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header...

CVSS 4, AI score 6.6, EPSS 0.00195
Exploits 0, References 4, Affected Software 1

Cvelist
added 2012/07/17 10:0 a.m., 22 views

CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header...

AI score 5.9, EPSS 0.00195
Exploits 0, References 4

CVE
added 2012/07/17 10:0 a.m., 71 views

CVE-2012-0796

CVE-2012-0796 affects the PHPMailer library (used by Moodle and other products). The vulnerability allows remote authenticated users to inject arbitrary email headers via crafted From: or Sender: headers in PHPMailer before certain versions. Affected ranges include PHPMailer 2.2.x before 2.2.1 (a...

CVSS 4, AI score 6, EPSS 0.00195
Exploits 0, References 4, Affected Software 1

NVD
added 2011/08/09 7:55 p.m., 17 views

CVE-2011-2381

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...

CVSS 4.3, AI score 6.8, EPSS 0.0048
Exploits 0, References 7

UbuntuCve
added 2011/08/09 7:55 p.m., 26 views

CVE-2011-2381

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...

CVSS 4.3, AI score 5.9, EPSS 0.0048
Exploits 0, References 1

Prion
added 2011/08/09 7:55 p.m., 14 views

Crlf injection

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...

CVSS 4.3, AI score 7.2, EPSS 0.0048
Exploits 0, References 7, Affected Software 1

Cvelist
added 2011/08/09 7:0 p.m., 22 views

CVE-2011-2381

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...

AI score 6.6, EPSS 0.0048
Exploits 0, References 7

NVD
added 2009/05/14 5:30 p.m., 14 views

CVE-2009-1578

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the que...

CVSS 4.3, AI score 5.4, EPSS 0.02922
Exploits 1, References 32

CVE
added 2009/05/14 5:0 p.m., 88 views

CVE-2009-1578

CVE-2009-1578 affects SquirrelMail < 1.4.18 and NaSMail

CVSS 4.3, AI score 6.6, EPSS 0.02922
Exploits 1, References 32, Affected Software 1

Prion
added 2007/05/16 10:30 p.m., 23 views

Crlf injection

CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898...

CVSS 4, AI score 7.2, EPSS 0.17116
Exploits 2, References 8, Affected Software 1

CVE
added 2007/05/16 10:0 p.m., 42 views

CVE-2007-2731

Jetbox CMS 2.1 is affected by a CRLF injection in formmail.php, allowing remote attackers to inject arbitrary e-mail headers via LF sequences in the subject parameter. This is linked to CVE-2007-1898. The NetVigilance advisory notes that exploitation requires PHP register_globals to be On; a work...

CVSS 4, AI score 6.9, EPSS 0.01222
Exploits 2, References 8, Affected Software 1

NVD
added 2007/03/28 12:19 a.m., 19 views

CVE-2007-1718

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...

CVSS 7.8, AI score 7.5, EPSS 0.23149
Exploits 1, References 26

CVE
added 2006/08/24 8:0 p.m., 47 views

CVE-2006-4344

The CVE-2006-4344 issue affects CGI-Rescue Mail F/W System (formd) prior to 8.3. The vulnerability is a CRLF injection in the mail.cgi and query.cgi components that enables remote attackers to spoof emails and inject email headers. The affected functionality is the mailing form/forwarding system,...

CVSS 5, AI score 7.2, EPSS 0.00596
Exploits 0, References 6, Affected Software 1

NVD
added 2006/07/10 8:5 p.m., 16 views

CVE-2006-3473

CRLF injection vulnerability in formmail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225...

CVSS 7.5, AI score 6.6, EPSS 0.00911
Exploits 0, References 5

CVE
added 2006/07/10 8:0 p.m., 57 views

CVE-2006-3473

CVE-2006-3473 describes a CRLF injection vulnerability in the Drupal form_mail module, affecting versions before 1.8.2.2. An attacker could remotely inject email headers, enabling the Drupal site to be used to send spam. This issue is explicitly noted as a different issue than CVE-2006-1225. The ...

CVSS 7.5, AI score 6.9, EPSS 0.00911
Exploits 0, References 5, Affected Software 1

Cvelist
added 2006/07/10 8:0 p.m., 17 views

CVE-2006-3473

CRLF injection vulnerability in formmail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225...

AI score 6.6, EPSS 0.00911
Exploits 0, References 5