87 matches found
GHSA-VVJJ-XCJG-GR5G Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)
Summary: Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters (\r\n). A...
EUVD-1999-0284
Malware in sbrugna...
EUVD-1999-1485
Malware in sbrugna...
EUVD-1999-0098
Malware in sbrugna...
EUVD-2002-2366
Malware in sbrugna...
EUVD-2003-0734
Malware in sbrugna...
EUVD-2001-0727
Malware in sbrugna...
EUVD-2001-0394
Malware in sbrugna...
EUVD-2002-2177
Malware in sbrugna...
EUVD-2001-1059
Malware in sbrugna...
EUVD-2000-0820
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-20790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO fiel...
MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as a Trojan and confirmed by 47 top sources. The package downloads malware from the https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe...
CVE-2002-2388
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command...
CVE-2002-2198
Buffer overflow in ZMailer before 2.99.511 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname...
SideFX: Port 587 SMTP Open: Can send any mail remotely from the internal mail users to company mail IDs.
Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...
Mageia: Security Advisory (MGASA-2021-0462)
The remote host is missing an update for the...
Privilege Escalation
OpenDMARC is vulnerable to privilege escalation. The vulnerability exists due to pypolicyd-spf allowing an attacker to bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...