17 matches found
Server-Side Template Injection
fof/pretty-mail is vulnerable to Server-Side Template Injection. The vulnerability is due to improper validation and sanitization of email template inputs, which allows an attacker with administrative access to inject malicious template expressions and execute arbitrary system commands during ema...
OreaHax-Framework
OreaHax-Framework ╔════════════════════════════════════...
FoF Pretty Mail has a server-side template injection vulnerability
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...
EUVD-2024-19450
Malicious code in bioql PyPI...
EUVD-2023-56047
Malicious code in bioql PyPI...
EUVD-2023-56048
Malicious code in bioql PyPI...
EUVD-2023-56014
Malicious code in bioql PyPI...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2023-51334
CVE-2023-51334 affects PHPJabbers Cinema Booking System v1.0, where the Forgot Password / reset mechanism lacks rate limiting. The documented impact is that an attacker can abuse the feature to trigger a large volume of email messages to a legitimate user, potentially causing a Denial of Service....
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2024-21838
CVE-2024-21838: Improper neutralization of special elements (CWE-74) in Gallagher Command Centre’s email generation feature could allow HTML code injection in emitted emails. Affected: Gallagher Command Centre versions 9.00 before vEL9.00.1774 (MR2), 8.90 before vEL8.90.1751 (MR3), 8.80 before vE...
Debian DLA-2306-1 : libphp-phpmailer security update
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...
Debian: Security Advisory (DLA-2306-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2244-1 : libphp-phpmailer security update
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...
Debian: Security Advisory (DLA-2244-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...