85 matches found
CVE-2022-37238
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the currentRequest parameter...
CVE-2022-37243
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the whitelist endpoint...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
CVE-2022-37244
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection...
EUVD-2022-39895
Malicious code in bioql PyPI...
EUVD-2022-39888
Malicious code in bioql PyPI...
EUVD-2022-39889
Malicious code in bioql PyPI...
EUVD-2022-39891
Malicious code in bioql PyPI...
EUVD-2022-39893
Malicious code in bioql PyPI...
CVE-2022-37245
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the Blacklist endpoint...
CVE-2022-37241
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the dataleaklistajax endpoint...
Millions of Email Servers Exposed Due to Missing TLS Encryption
Millions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security TLS encryption...
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences essentially the end of a single email message in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...
SMTP Smuggling Enabling Spoofed Emails to Evade Authentication Protocols
Summary: A new email spoofing technique called "SMTP Smuggling" lets attackers send emails from fake addresses, bypassing security checks. This trick works by abusing how different servers handle line endings in email messages. The attack could affect millions of email users, so updating your...
Insufficient Verification Of Data Authenticity
exim4 library is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to insufficient verification Exim's SMTP server configurations as it support a character sequence . in SMTP transactions, which is not universally supported by other popular email servers. This...
Exim Vulnerable to Zero-Day Remote Code Execution Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Six zero-day vulnerabilities have been discovered in the Exim Internet Mailer, potentially putting thousands of email servers worldwide at risk. These vulnerabilities, if successfully exploited,...
U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity wa...
CVE-2022-37238
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the currentRequest parameter...
CVE-2022-37238
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the currentRequest parameter...
CVE-2022-37245
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the Blacklist endpoint...