51 matches found

OSV
added 2026/04/08 3:5 p.m. · 0 views

GHSA-VVJJ-XCJG-GR5G Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters \r\n. A...

4.9 CVSS · 5.9 AI score
Exploits 0 · References 4
Github Security Blog
added 2026/04/08 3:5 p.m. · 7 views

Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters \r\n. A...

6 AI score
Exploits 0 · References 4 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2003-0734

Malware in sbrugna...

7.5 CVSS · 6.1 AI score · 0.07018 EPSS
Exploits 0 · References 11
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2001-1059

Malware in sbrugna...

10 CVSS · 6.3 AI score · 0.11176 EPSS
Exploits 1 · References 6
SUSE CVE
added 2023/12/25 2:10 a.m. · 1 views

SUSE CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3 CVSS · 6.8 AI score · 0.2846 EPSS
Exploits 4 · References 8
OSV
added 2023/12/24 5:15 a.m. · 1 views

AZL-35110 CVE-2023-51764 affecting package postfix for versions less than 3.9.0-1

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3 CVSS · 6 AI score · 0.2846 EPSS
Exploits 4 · References 1
Hacker One
added 2023/11/27 11:54 a.m. · 79 views

SideFX: Port 587 SMTP Open: Can send any mail remotely from the internal mail users to company mail id's.

Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...

7 AI score
Exploits 0
SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 10 AI score · 0.9031 EPSS
Exploits 3 · References 6
Hacker One
added 2022/03/13 12:24 p.m. · 27 views

Nextcloud: SMTP Command Injection in Appointment Emails via Newlines

Summary: Users can create appointment calendars for other users to book slots on their calendar. When booking a slot, the following request is made: POST /apps/calendar/appointment/1/book HTTP/2 Host: 192.168.92.132 "start":1647306900,"end":"1647307200","displayName":"Test...

0.4 AI score
Exploits 0
Prion
added 2019/12/13 6:15 a.m. · 12 views

Buffer overflow

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server...

10 CVSS · 9.5 AI score · 0.00912 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/12/13 5:5 a.m. · 18 views

CVE-2019-19782

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server...

9.7 AI score · 0.00912 EPSS
Exploits 1 · References 2
ArchLinux
added 2019/10/02 12:0 a.m. · 39 views

[ASA-201910-1] exim: arbitrary code execution

Arch Linux Security Advisory ASA-201910-1 ========================================= Severity: Critical Date : 2019-10-02 CVE-ID : CVE-2019-16928 Package : exim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1038 Summary ======= The package exim before versi...

9.8 CVSS · 2.1 AI score · 0.9031 EPSS
Exploits 3 · References 6
ThreatPost
added 2019/09/30 2:12 p.m. · 239 views

Critical Exim Flaw Opens Servers to Remote Code Execution

A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OSX, serves as a mail...

7.5 CVSS · 1.4 AI score · 0.93918 EPSS
Exploits 28 · References 10
The Hacker News
added 2019/09/30 12:14 p.m. · 4 views

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim...

10 CVSS · 10 AI score · 0.93918 EPSS
Exploits 29
UbuntuCve
added 2019/09/28 12:0 a.m. · 31 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 7.8 AI score · 0.9031 EPSS
Exploits 3 · References 3
NVD
added 2019/09/27 9:15 p.m. · 22 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 7.6 AI score · 0.9031 EPSS
Exploits 3 · References 15
OSV
added 2019/09/27 9:15 p.m. · 23 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 10 AI score · 0.9031 EPSS
Exploits 3 · References 15
OSV
added 2019/09/27 9:15 p.m. · 1 views

DEBIAN-CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 9.4 AI score · 0.9031 EPSS
Exploits 3 · References 1
Prion
added 2019/09/27 9:15 p.m. · 83 views

Heap overflow

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

7.5 CVSS · 9.8 AI score · 0.9031 EPSS
Exploits 4 · References 14 · Affected Software 4
Positive Technologies
added 2019/09/27 12:0 a.m. · 4 views

PT-2019-3615 · Exim +2

Name of the Vulnerable Software and Affected Versions: Exim versions 4.92 through 4.92.2 Description: The issue is related to a heap-based buffer overflow in the string vformat function in string.c, which can be exploited by sending a long EHLO command, potentially allowing remote code execution...

10 CVSS · 8.7 AI score · 0.93918 EPSS
Exploits 59 · References 172