21 matches found
[SECURITY] [DLA 3725-1] postfix security update
Debian LTS Advisory DLA-3725-1 https://www.debian.org/lts/security/ Bastien Roucariès January 30, 2024 https://wiki.debian.org/LTS ...
CVE-2022-39258
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to stea...
CVE-2022-39258 mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to stea...
Phishing Attack
next-auth is vulnerable to phishing attacks. A remote attacker is able to pass a specially crafted input containing malicious HTML to the e-mail signin endpoint, tricking the e-mail server into sending it to the user, which allows the attacker to perform phishing attacks on the victim...
CVE-2022-31127 Improper handling of email input in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server into sending it to the user, so they can perform a phishing attack. E.g.:...
Microsoft Exchange Server ProxyLogon vulnerability
Added: 03/19/2021. Background: Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem: A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands. Resolution: Apply the patch referenced in Microsoft Advisory...
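F-Secure E-mail/Server Security OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability
CVE ID: CVE-2014-0160. A security vulnerability exists in the F-Secure E-mail/Server Security/F-Secure Server Security products. The OpenSSL bundled with F-Secure E-mail/Server Security/F-Secure Server Security contains a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows an attacker to exploit the flaw to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 F-Secure E-mail and Server Security 10.x F-Secure E-mail...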
NetGear C DSL Router R0318 - Multiple Web Vulnerabilities
Document Title: NetGear C DSL Router R0318 - Multiple Web Vulnerabilities. Release Date: 2011-08-18. Vulnerability Laboratory ID (VL-ID): 40. Product & Service Introduction: RO318 extends the product family...
Insecure Mail Server Offers Chinese Government Accounts To The Masses
A security researcher who identified holes in SCADA software used by utilities in China has issued a new warning to that country’s CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account. Dillon Beresford, a...
Microsoft Patches Worm Holes in Mail Server, Visual Basic for Apps
Microsoft today issued patches for a pair of critical remote code execution vulnerabilities in Windows and Microsoft Office and urged affected users to apply the fixes as soon as possible. The most serious issue, addressed in the MS10-030 bulletin, affects Outlook Express, Windows Mail and Window...
Microsoft Security Bulletin MS10-030 - Critical Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
Microsoft Security Bulletin MS10-030 - Critical. Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542). Published: May 11, 2010. Version: 1.0. General Information. Executive Summary: This security update resolves a privately reported vulnerability in Outlook Express...
IBM Lotus Domino Web Access Message Handling Denial of Service (CVE-2004-0668)
Lotus Domino is a groupware product that provides instant messaging, web application server, e-mail server, and other services for an integrated, collaborative environment. A vulnerability exists in the way Lotus Domino processes e-mail messages opened through Web Access. There exists a...
NoticeWare E-mail Server 5.1.2.2 (POP3) Pre-Auth DoS Exploit
No description provided by source. #!/usr/bin/python Software: NoticeWare E-mail Server POP3 5.1.2.2 Pre-Auth DoS. Discovered and Coded by: Paul Hand aka rAWjAW. Blog: http://rawjaw-security.blogspot.com E-mail: phand3754atgmaildotcom. Description: NoticeWare E-mail Server has many odd quirks about it...
NoticeWare E-mail Server 5.1.2.2 (POP3) Pre-Auth DoS Exploit
Exploit for unknown platform in category dos / poc. NoticeWare E-mail Server 5.1.2.2 POP3 Pre-Auth DoS Exploit. #!/usr/bin/python Software: NoticeWare E-mail Server POP3 5.1.2.2...
Noticeware E-mail Server 5.1.2.2 - 'POP3' Denial of Service
#!/usr/bin/python Software: NoticeWare E-mail Server POP3 5.1.2.2 Pre-Auth DoS. Discovered and Coded by: Paul Hand aka rAWjAW. Blog: http://rawjaw-security.blogspot.com E-mail: phand3754gmailcom. Description: NoticeWare E-mail Server has many odd quirks about it. This DoS leverages the fact that the PO...
NetMail IMAP APPEND command buffer overflow
Added: 12/29/2006. CVE: CVE-2006-6425. BID: 21723. OSVDB: 31362. Background: Novell NetMail is an e-mail and calendaring server application. Problem: A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted...
MERCUR Messaging IMAP LOGIN command buffer overflow
Added: 07/10/2006. CVE: CVE-2006-1255. BID: 17138. OSVDB: 23950. Background: MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem: A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote...
IMail LDAP buffer overflow
Added: 07/06/2006. CVE: CVE-2004-0297. BID: 9682. OSVDB: 3984. Background: IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol (LDAP). Problem: A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the...
MDaemon IMAP AUTHENTICATE command buffer overflow
Added: 03/01/2006. BID: 14317. OSVDB: 18069. Background: MDaemon is an e-mail server for Windows. Problem: The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...