17 matches found
CVE-2019-11332
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...
Following the digital trail: what happens to data stolen in a phishing attack
Introduction A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62643
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is affected by multiple interconnected issues. Public sources describe a remote, unauthenticated signup weakness via an open signup API, enabling account creation without proper verification, and a separate vulnerabil...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
EUVD-2019-3013
Malware in sbrugna...
CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...
CVE-2018-15668
CVE-2018-15668 affects Bloop Airmail 3.5.9 for macOS. The airmail:// URL scheme’s send command can be invoked by external applications to auto-send emails from the user’s active account, with attachment_ parameters allowing any accessible file path (including relative paths) to be attached withou...
flatCore CMS 1.4.6: Remote Code Execution and Easteregg
RIPS Analysis The 74,000 lines of code of the flatCore CMS were analyzed in less than 3 minutes. RIPS discovered multiple vulnerabilities ranging from open redirection CVE-2017-11205 and cross-site scripting CVE-2017-11204 to SQL injection CVE-2017-11207, many of them being exploitable as...
MiniBBS22 from CGI RESCUE allows unauthorized email transmission
Overview MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the...
JVN#36982346 MiniBBS22 from CGI RESCUE allows unauthorized email transmission
MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send any email to an arbitrary address. Solution Update the software Update to the latest versi...
JVN#76370393 FORM2MAIL from CGI RESCUE allows unauthorized email transmission
FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send emails to arbitrary addresses. Solution Updat...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
Dansie Cart Script Exploit Reported
Synopsis : This program -deliberately- allows arbitrary commands to be executed on the victim server. One of our clients, while installing and configuring the Dansie Shopping Cart, ran into difficulty integrating PGP, the shopping cart program, and our secure server setup. While trying to assist...
Know thyself commonly used to hack Email accounts of three methods-vulnerability warning-the black bar safety net
E-mail is not secure, in the mail sending, transmitting and receiving the whole process of each link is there may be a weak link, a malicious user if the use of their vulnerability, it is possible to easily hack the account to get mail content. One, the use of the mail serveroperating...