Lucene search
K

64 matches found

RedhatCVE
RedhatCVE
added 2024/08/06 9:48 a.m.27 views

CVE-2024-42010

modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

7.5CVSS7AI score0.5281EPSS
Exploits1References8
Redos
Redos
added 2024/04/08 12:0 a.m.26 views

ROS-20240408-16

A vulnerability in SendMail SMTP Server software is related to insufficient data authentication data. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address. security mechanism and inject e-mail...

5.3CVSS6.9AI score0.01073EPSS
Exploits2
Ubuntu
Ubuntu
added 2024/01/29 10:52 a.m.41 views

USN-6611-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

5.3CVSS7.4AI score0.01072EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/05/29 12:0 a.m.24 views

CVE-2021-37845

Removed by vendor...

3.7CVSS4.8AI score0.00665EPSS
Exploits1
Prion
Prion
added 2022/11/10 9:15 p.m.16 views

Design/Logic Flaw

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...

5CVSS5.1AI score0.00323EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/08/17 6:15 p.m.8 views

CVE-2020-15955

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...

5.9CVSS0.0095EPSS
Exploits0References2
NVD
NVD
added 2018/03/15 1:29 a.m.15 views

CVE-2018-7704

SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...

6.5CVSS6.2AI score0.04885EPSS
Exploits5References3
NVD
NVD
added 2018/03/15 1:29 a.m.17 views

CVE-2018-7705

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...

8.1CVSS7.6AI score0.06321EPSS
Exploits5References3
NVD
NVD
added 2018/03/15 1:29 a.m.23 views

CVE-2018-7701

Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...

6.5CVSS6.8AI score0.0307EPSS
Exploits5References3
Prion
Prion
added 2018/03/15 1:29 a.m.13 views

Directory traversal

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...

4CVSS6.6AI score0.0708EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2018/03/15 1:29 a.m.15 views

Code injection

SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...

4CVSS6.7AI score0.04885EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2018/03/15 1:29 a.m.14 views

Directory traversal

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...

5.5CVSS7.8AI score0.06321EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/03/14 8:0 p.m.18 views

CVE-2018-7705

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...

7.9AI score0.06321EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/03/14 8:0 p.m.19 views

CVE-2018-7704

SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...

6.7AI score0.04885EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/03/14 8:0 p.m.18 views

CVE-2018-7701

Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...

7.5AI score0.0307EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2017/08/18 12:0 a.m.31 views

Ubuntu 14.04 LTS / 16.04 LTS : ClamAV vulnerabilities (USN-3393-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3393-1 advisory. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause...

7.8CVSS7.2AI score0.01976EPSS
Exploits0References4
NVD
NVD
added 2017/07/17 1:18 p.m.49 views

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

9.8CVSS9.5AI score0.02EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/07/17 12:0 a.m.24 views

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

9.5AI score0.02EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2015/10/30 10:21 a.m.16 views

CVE-2006-0321

fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service crash via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster...

5CVSS7.2AI score0.03419EPSS
Exploits0References2
Prion
Prion
added 2015/01/30 11:59 a.m.20 views

Code injection

Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL...

5CVSS6.5AI score0.021EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder