18 matches found
EUVD-2016-4010
Malware in sbrugna...
CVE-2024-49193
Zendesk pre-2024-07-02 is affected. The issue arises from processing incoming emails where Cc fields are extracted to grant extra ticket-viewing privileges, combined with an insufficient spoof-detection mechanism and predictable per-ticket support emails. This allows remote attackers to read tick...
CVE-2024-49193
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the...
CVE-2024-27305 SMTP smuggling in aiosmtpd
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...
CVE-2024-27305 SMTP smuggling in aiosmtpd
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...
CVE-2024-27938 SMTP Smuggling in Postal
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...
CVE-2024-27938 SMTP Smuggling in Postal
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...
CVE-2024-27938
CVE-2024-27938 concerns Postal, an open source SMTP server. The vulnerability affects Postal versions older than 3.0.0 and enables SMTP Smuggling, potentially allowing an incoming email to be spoofed as if sent from a server the recipient user authorized. The impact is limited to inbound mail flo...
Sendmail < 8.18 SMTP Smuggling Vulnerability (Dec 2023)
Sendmail is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendmail:sendmail";...
CVE-2022-43679
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...
CVE-2022-24236
CVE-2022-24236 : In Snapt Aria v12.8, an insecure permissions issue allows unauthenticated attackers to send emails from spoofed user accounts. The connected sources corroborate the vulnerability and its impact to email abuse, but do not provide concrete remediation details (patch versions/workar...
CVE-2016-10765
CVE-2016-10765 affects edx-platform prior to 2016-06-10. The issue permits account activation using a spoofed email address, enabling potential unauthorized activation of user accounts. The provided documents do not specify exploitable vectors, affected versions beyond the date, or remediation/wo...
Open-Xchange (OX) App Suite Content Spoofing Vulnerability (Jun 2018)
Open-Xchange OX App Suite is prone to a content spoofing vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Gmail Android APP vulnerability allows anyone to send fraudulent mail-vulnerability warning-the black bar safety net
! Security researcher Yan Zhu in the Gmail Android APP and found an interesting vulnerability that allows anyone to send an e-mail, leaving the e-mail looks to be other people sent, which is likely for phishers have opened a door for malicious activity. Gmail Android APP the presence of mail frau...
CVE-2014-6319
Outlook Web App OWA in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability....
Site5 WordPress e-mail spoofing vulnerability-vulnerability warning-the black bar safety net
The following is to use the local build of the site5 wordpress Vulnerability file: diary, simploblack, simplo, journalcrunch, boldy, webfolio my $theme = ‘diary’; my $url = $wordpress.’wp-content/themes/’.$ theme.’/ sendmail.php’; My e-mail=“[email protected]; Receiver email address my $receiver...
E-Mail header Injection in HiFriend
------------------------------------ -------Header Injection---------- ------------------------------------ Script: hifriend.pl Vendor: Hibyte SoftwareVersion: The free one you get from many webpages Dork: "hifriend.pl" + "cgi-bin" ------------------------------------...
CVE-2006-4344
The CVE-2006-4344 issue affects CGI-Rescue Mail F/W System (formd) prior to 8.3. The vulnerability is a CRLF injection in the mail.cgi and query.cgi components that enables remote attackers to spoof emails and inject email headers. The affected functionality is the mailing form/forwarding system,...