Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
•added 2025/05/22 4:55 a.m.•7 views

CVE-2019-19806

accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...

5.3CVSS6.8AI score0.00993EPSS
Exploits0References1
CVE
CVE
•added 2023/12/10 12:0 a.m.•44 views

CVE-2023-50455

Zammad before 6.2.0 is affected by a rate-limiting vulnerability in the email address verification feature. The lack of rate limiting allows an attacker to issue many requests for a known address, leading to Denial of Service via generation of a large number of emails (which could spam the recipi...

7.5CVSS7.3AI score0.00701EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
•added 2023/12/10 12:0 a.m.•17 views

CVE-2023-50455

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...

7.6AI score0.00701EPSS
Exploits0References1
OSV
OSV
•added 2023/12/10 12:0 a.m.•20 views

CVE-2023-50455

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...

7.5CVSS6.8AI score0.00701EPSS
Exploits0References3
NVD
NVD
•added 2023/04/19 12:15 a.m.•18 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3CVSS5.7AI score0.02527EPSS
Exploits1References46
Cvelist
Cvelist
•added 2022/10/26 12:0 a.m.•15 views

CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

9.1CVSS9.8AI score0.00766EPSS
Exploits0References2
Talos Blog
Talos Blog
•added 2022/10/18 12:0 p.m.•18 views

The benefits of taking an intent-based approach to detecting Business Email Compromise

BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy that checks for...

6.8AI score
Exploits0
CVE
CVE
•added 2021/11/04 11:3 p.m.•84 views

CVE-2021-39909

The CVE-2021-39909 entry concerns GitLab Enterprise Edition (EE) and describes a lack of email address ownership verification in the CODEOWNERS feature across affected lines: EE from 11.3 up to before 14.2.6, EE 14.3 up to before 14.3.4, and EE 14.4 up to before 14.4.1. This absence can allow an ...

5.3CVSS5.2AI score0.00594EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
•added 2021/11/04 11:3 p.m.•25 views

CVE-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...

5.3CVSS5.8AI score0.00594EPSS
Exploits0References3
Huntr
Huntr
•added 2021/07/22 6:13 p.m.•13 views

in emoncms/dashboard

šŸ’„ BUG account takeover via host-header injection It allow attacker to change url of account-verification link and verify any email-address . šŸ’„ STEP TO REPRODUCE 1. First as attacker create a account with email [email protected]. You dont own that email-address .\ You cant login untill you verify that...

0.8AI score
Exploits0
Cvelist
Cvelist
•added 2020/03/31 3:11 p.m.•31 views

CVE-2019-14880

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...

4.8CVSS9.1AI score0.01079EPSS
Exploits0References2
Ubuntu
Ubuntu
•added 2020/02/05 1:48 p.m.•107 views

USN-4268-1: OpenSMTPD vulnerability

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root...

10CVSS9AI score0.98946EPSS
Exploits27
FreeBSD
FreeBSD
•added 2018/09/11 12:0 a.m.•492 views

mybb -- vulnerabilities

mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CP’s attachment management. Low risk: Insufficient email address verification...

3.3AI score
Exploits0References1
exploitpack
exploitpack
•added 2004/05/11 12:0 a.m.•11 views

Microsoft Outlook 2003 - Mail Client E-mail Address Verification

Microsoft Outlook 2003 - Mail Client E-mail Address Verification source: https://www.securityfocus.com/bid/10323/info It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This...

Exploits0
Rows per page
Query Builder