64 matches found
CVE-2024-42010
modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...
ROS-20240408-16
A vulnerability in SendMail SMTP Server software is related to insufficient data authentication data. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address. security mechanism and inject e-mail...
USN-6611-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...
CVE-2021-37845
Removed by vendor...
Design/Logic Flaw
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
CVE-2018-7704
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...
CVE-2018-7705
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
CVE-2018-7701
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...
Code injection
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...
Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
CVE-2018-7705
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
CVE-2018-7704
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...
CVE-2018-7701
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
Ubuntu 14.04 LTS / 16.04 LTS : ClamAV vulnerabilities (USN-3393-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3393-1 advisory. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause...
CVE-2017-11349
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...
CVE-2017-11349
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...
CVE-2006-0321
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service crash via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster...
Code injection
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL...