LinkAce injection vulnerability
LinkAce is a self-hosted link repository developed by Kevin Woblick for collecting links to favorite websites. LinkAce versions prior to 2.5.6 had an injection vulnerability that stemmed from the database configuration process, allowing attackers to control databases by...
OrangeHRM code injection vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code injection vulnerability exists in OrangeHRM versions 5.0 through 5.7, whi...
CVE-2021-4466
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...
EUVD-2021-34717
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...
CVE-2025-60701
The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...
CVE-2025-60701
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_433188 function in prog.cgi stores user-supplied email configuration parameters (EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName) in NVRAM v...
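The IPCop and DIR-882 entries above describe the same defect class: values from an email-settings form (SMTP password, server address, port) are spliced into a command string that a shell later interprets. The following Python is an added example written for this page, not code from IPCop, D-Link or any advisory; it substitutes printf for the real mail helper so it runs offline, and the form values are constructed sample input. It shows the shell-string pattern that makes a password such as `x; echo INJECTED` run a second command, beside the argv-based version in which the same password is just an argument. Note that the fix is the interface, not a character blacklist: the hostname and port are validated because they have a known shape, but the password is deliberately left unrestricted, since legitimate passwords contain shell metacharacters.

```python
import re
import subprocess

# Constructed sample input: an email-settings form as an authenticated attacker
# might submit it. Only the password carries the payload.
SAMPLE_SETTINGS = {
    "host": "mail.example.com",
    "port": "587",
    "user": "alerts",
    "password": "x; echo INJECTED",
}

# Hostname shape: alphanumerics, dots and hyphens, no leading/trailing separator.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def send_test_mail_vulnerable(settings):
    """Vulnerable pattern: form values interpolated into a shell command string.

    printf stands in for the mail helper the real products invoke. Returns the
    lines the shell produced; the attacker's extra command shows up as one of them.
    """
    cmd = (
        f"printf '%s\\n' smtp-host={settings['host']} "
        f"smtp-user={settings['user']} smtp-pass={settings['password']}"
    )
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def validate_settings(settings):
    """Reject values whose shape is known; raises ValueError on bad input."""
    host = settings["host"]
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"invalid SMTP host: {host!r}")
    port = int(settings["port"])  # ValueError if not numeric
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid SMTP port: {port}")
    if not settings["user"] or any(c.isspace() for c in settings["user"]):
        raise ValueError("invalid SMTP user")
    # No restriction on the password on purpose: the argv interface below keeps
    # shell metacharacters inert, and real passwords contain them.
    return host, port


def send_test_mail_safe(settings):
    """Hardened: validate, then pass each value as its own argv element.

    No shell is involved, so the password is delivered to the helper as a single
    literal argument no matter what characters it contains.
    """
    host, port = validate_settings(settings)
    argv = [
        "printf", "%s\n",
        f"smtp-host={host}",
        f"smtp-port={port}",
        f"smtp-user={settings['user']}",
        f"smtp-pass={settings['password']}",
    ]
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


if __name__ == "__main__":
    print("vulnerable:", send_test_mail_vulnerable(SAMPLE_SETTINGS))
    print("safe:      ", send_test_mail_safe(SAMPLE_SETTINGS))
```

The vulnerable call yields four lines, the last being `INJECTED`; the safe call yields exactly the expected records, with the payload preserved verbatim inside `smtp-pass=`. The same argv discipline applies in Perl (list-form `system`) and C (`execve` rather than `system`), which is where the affected products actually live.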
EUVD-2019-8841
Malware in sbrugna...
EUVD-2021-28342
Malicious code in bioql PyPI...
EUVD-2025-17108
Malicious code in bioql PyPI...
CVE-2025-22829
The CloudStack Quota plugin has improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments where this plugin is enabled, and who has access to specific APIs, can enable or disable reception of quota-related emails for...
CVE-2025-5755
A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /emailconfig.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The...
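The clinic-management entry above is a textbook case of an email-configuration lookup that concatenates the `email` argument into SQL. The Python below is an added example for this page, not the application's own PHP; the table and rows are constructed sample data in an in-memory SQLite database, and the column names are assumptions. It shows the concatenated query returning every row for a tautology payload, beside the parameterized query that treats the same payload as a literal and returns nothing.

```python
import sqlite3

# Constructed sample schema standing in for an application's email-config table.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE emailconfig (id INTEGER PRIMARY KEY, email TEXT, smtp_host TEXT)"
    )
    con.executemany(
        "INSERT INTO emailconfig (email, smtp_host) VALUES (?, ?)",
        [("clinic@example.com", "mail.example.com"),
         ("backup@example.com", "mail2.example.com")],
    )
    return con


def lookup_vulnerable(con, email):
    """Vulnerable: the request argument is spliced into the statement text,
    so quotes and operators in it become part of the query."""
    sql = f"SELECT email, smtp_host FROM emailconfig WHERE email = '{email}'"
    return con.execute(sql).fetchall()


def lookup_fixed(con, email):
    """Hardened: the value travels as a bound parameter and can only ever be
    compared as a string, never parsed as SQL."""
    return con.execute(
        "SELECT email, smtp_host FROM emailconfig WHERE email = ?", (email,)
    ).fetchall()


# Tautology payload: closes the string literal and appends an always-true clause.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # both rows leak
    print("fixed:     ", lookup_fixed(db, PAYLOAD))       # no row has that literal email
```

With the payload, the concatenated query dumps the whole table (two rows here, and with a `UNION` it would read any other table); the parameterized one returns an empty list because no stored address equals the literal string `x' OR '1'='1`.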
CVE-2024-22817
FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailconfupdagte...
FlyCms Security Vulnerability
FlyCms is an open source application by sunkaifei: a Zhihu-style Q&A social networking site builder developed entirely in Java. A FlyCms security vulnerability stems from the /system/email/emailconfupdagte location, a cross-site request...
PortSwigger Web Security: A user with only [MODIFY_SETTINGS] permission could take over any user account
The vulnerability allowed a user with only the "MODIFY_SETTINGS" permission to take over any user account. By configuring the email settings to use a public SMTP server, the attacker could capture the email and password reset link whenever an administrator or user with permissions to edit or add...
SMTP server credentials are returned
Description: The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...
IDOR on save email configuration leads to account takeover
Description: An attacker with a low privileged account on the latest GLPI version could change another user's email when saving his own user preferences. After that, if "Forgot password" is enabled via email, the attacker will be able to retrieve the victim's forgot-password link at the modified email to...
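The GLPI report above, and the PortSwigger one before it, end the same way: a password-reset link lands in an inbox the attacker reads. The Python below is an added example written for this page, not GLPI's or PortSwigger's code; the user store, request shapes and function names are assumptions. It models the IDOR (the row to update chosen by a client-supplied `user_id`) beside a handler that binds the update to the session identity and stages the new address until it is confirmed, so the reset link keeps going to the previously verified mailbox in the meantime.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class User:
    id: int
    email: str                          # verified; password-reset mail goes here
    pending_email: Optional[str] = None # staged change awaiting confirmation
    confirm_token: Optional[str] = None


def make_users() -> Dict[int, User]:
    """Constructed sample data: an administrator and a low-privileged attacker."""
    return {1: User(1, "admin@example.com"), 2: User(2, "mallory@example.com")}


def save_preferences_vulnerable(users, body, session):
    """Vulnerable (assumed pattern): the target row comes from the request body,
    so any authenticated user can rewrite any other user's email."""
    user = users[int(body["user_id"])]
    user.email = body["email"]
    return user


def save_preferences_fixed(users, body, session):
    """Hardened: the subject is the session's own identity, and the new address
    is staged rather than activated. Returns the confirmation token that a real
    application would mail to the new address."""
    user = users[session["user_id"]]
    if "user_id" in body and int(body["user_id"]) != user.id:
        raise PermissionError("preferences can only be saved for the logged-in user")
    new_email = body["email"].strip()
    if not EMAIL_RE.fullmatch(new_email):
        raise ValueError("malformed email address")
    user.pending_email = new_email
    user.confirm_token = secrets.token_urlsafe(32)
    return user.confirm_token


def confirm_email_change(users, user_id, token):
    """Promote the staged address only on presentation of the mailed token."""
    user = users[user_id]
    if user.confirm_token is None or not secrets.compare_digest(token, user.confirm_token):
        return False
    user.email, user.pending_email, user.confirm_token = user.pending_email, None, None
    return True


def password_reset_target(users, user_id):
    """The address a 'forgot password' link is sent to: always the verified one."""
    return users[user_id].email


if __name__ == "__main__":
    users = make_users()
    attacker_session = {"user_id": 2}
    save_preferences_vulnerable(users, {"user_id": "1", "email": "mallory@example.com"}, attacker_session)
    print("vulnerable, admin reset goes to:", password_reset_target(users, 1))
```

Two checks are doing the work: the handler never trusts an identifier the client sends for "my own" resource, and a change of the one field that authenticates recovery (the email) must be proven from the new mailbox before it becomes effective. A production implementation would additionally expire the token and notify the old address of the pending change.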
Stack overflow
D-Link N300 Wi-Fi Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtpemailsubject parameter at /goform/formSetEmail...
CVE-2022-4312
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access to the email and short messaging service (SMS) account configuration files to discover the associated simple mail transfer protocol (SMTP) account...
Input validation
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page...