14 matches found
CVE-2019-19806
accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...
CVE-2023-50455
Zammad before 6.2.0 is affected by a rate-limiting vulnerability in the email address verification feature. The lack of rate limiting allows an attacker to issue many requests for a known address, leading to Denial of Service via generation of a large number of emails (which could spam the recipi...
CVE-2023-50455
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...
CVE-2023-50455
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication
Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...
The benefits of taking an intent-based approach to detecting Business Email Compromise
BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy that checks for...
CVE-2021-39909
The CVE-2021-39909 entry concerns GitLab Enterprise Edition (EE) and describes a lack of email address ownership verification in the CODEOWNERS feature across affected lines: EE from 11.3 up to before 14.2.6, EE 14.3 up to before 14.3.4, and EE 14.4 up to before 14.4.1. This absence can allow an ...
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...
in emoncms/dashboard
š„ BUG account takeover via host-header injection It allow attacker to change url of account-verification link and verify any email-address . š„ STEP TO REPRODUCE 1. First as attacker create a account with email [email protected]. You dont own that email-address .\ You cant login untill you verify that...
CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...
USN-4268-1: OpenSMTPD vulnerability
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root...
mybb -- vulnerabilities
mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CPās attachment management. Low risk: Insufficient email address verification...
Microsoft Outlook 2003 - Mail Client E-mail Address Verification
Microsoft Outlook 2003 - Mail Client E-mail Address Verification source: https://www.securityfocus.com/bid/10323/info It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This...