13 matches found
CVE-2026-41232
CVE-2026-41232 (Froxlor) : In Froxlor prior to 2.3.6, EmailSender::add() uses the wrong array index when splitting an email address, passing the local part to validateLocalDomainOwnership() instead of the domain. This makes the domain ownership check pass for non-existent domains, allowing any au...
Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing
Summary: In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...
WordPress WP Change Email Sender Plugin < 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Change Email Sender; Type: Plugin; Vulnerable versions: 1.3.0; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29815; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 2c75fd16d36c; Credits: Dhabaleshwar Das; Required privile...
CVE-2022-1834
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
CVE-2022-1834
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
Rocky Linux 8 : thunderbird (RLSA-2022:4887)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:4887 advisory. - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox E...
Updated thunderbird packages fix security vulnerability
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
CVE-2022-1834
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an ema...
goCabrito - Super Organized And Flexible Script For Sending Phishing Campaigns
Super organized and flexible script for sending phishing campaigns. Features: sends to a single email; sends to lists of emails (text); sends to lists of emails with first, last name (csv); supports attachments; splits emails in groups; delays sending emails between each group; Support Tags to be placed and...
Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails...
TeleShadow - Telegram Desktop Session Stealer (Windows)
Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace...
SEES (Social Engineering Email Sender) - A Social Engineering Attack/Audit Tool for Spear Phishing
What is SEES? Most of the companies nowadays have their firewalls, threat monitoring and prevention security appliances setup. With these mechanisms in place, security precautions are taken and incidents are monitored. Inbound traffic being restricted, SEES on the other hand is developed for...
Wordpress WP Realty Plugin - eMail Sender Vulnerability
Exploit Title: Wordpress - wp-realty - eMail Sender; Google Dork: inurl:"/wp-content/plugins/wp-realty/"; Vendor: http://wprealty.org/; Date: 10/08/2013; Exploit Author: Napsterakos; Link: http://localhost/wp-content/plugins/wp-realty/; Exploit:...