14 matches found
EUVD-2025-22977
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-8264
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inje...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
GHSA-W832-W3P8-CW29 z-push/z-push-dev SQL Injection Vulnerability
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
z-push/z-push-dev SQL Injection Vulnerability
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
UBUNTU-CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
CVE-2025-8264 affects z-push/z-push-dev prior to version 2.7.6 due to unparameterized queries in the IMAP backend, enabling SQL Injection via the username field in basic authentication. Impact stated as attacker could access and potentially modify or delete data in a linked third-party database. ...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
PT-2025-31175 · Z-Push +1 · Z-Push +1
Name of the Vulnerable Software and Affected Versions: z-push/z-push-dev versions prior to 2.7.6 Description: The software is vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic...
SQL Injection
Overview z-push/z-push-dev is an open-source application to synchronize ActiveSync compatible devices Affected versions of this package are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field ...
Ubuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)
TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. Note that Tenable...