23 matches found
EUVD-2017-3336
Malware in sbrugna...
EUVD-2017-9998
Malware in sbrugna...
EUVD-2020-20330
Malware in sbrugna...
EUVD-2021-0932
Malware in sbrugna...
EUVD-2004-2761
Malware in sbrugna...
EUVD-2024-41286
Malicious code in bioql PyPI...
akademy cross-site scripting vulnerability
akademy is a school management system. A cross-site scripting vulnerability exists in akademy, which stems from an incorrect manipulation of the parameter emailAddress. No details of the vulnerability are provided at this time...
Lunary Input Validation Error Vulnerability
lunary is a production toolkit for LLM. An input validation error vulnerability exists in lunary that stems from improper validation of email addresses during the registration process and can be exploited by an attacker to create multiple accounts with the same email address by changing the case ...
CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...
PT-2023-29870 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.8.0 Description: The issue concerns the default email address for the initial admin user, which is set to [email protected]. This could potentially affect password reset functionality if the domain mycompany.c...
GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
Security update for postsrsd (moderate)
openSUSE Security Update: Security update for postsrsd Announcement ID: openSUSE-SU-2021:0669-1 Rating: moderate References: 1180251 Cross-References: CVE-2020-35573 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update...
[SECURITY] [DLA 2042-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework. Djangos password-reset form used a case-insensitive query to retrieve...
MGASA-2019-0046 Updated perl-Email-Address package fixes security vulnerability
The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f" CVE-2018-12558...
MGASA-2016-0397 Updated perl-Email-Address packages fix security vulnerability
Pali Rohár discovered a possible DoS attack in any software which uses the Email::Address Perl module for parsing string input to a list of email addresses. Note that this issue has only been partially mitigated in Email::Address itself...
DEBIAN-CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...
Code injection
MemberProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address ID of another user...
Code injection
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field aka Email text box. NOTE: the vendor disputes this, stating "I'm unable to...
CVE-2004-1113
SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 sender or 2 recipient e-mail addresses...
CVE-2002-1526
Cross-site scripting XSS vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field...