26 matches found
CVE-2009-4159
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
EUVD-2009-4129
Malware in sbrugna...
EUVD-2022-4262
Malicious code in bioql PyPI...
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI) Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...
FoF Pretty Mail 1.1.2 Server-Side Template Injection Vulnerability
The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.3), org.apache.james.examples:custom-mailets (>=3.6.0 <=3.7.3) +141 more potentially affected by CVE-2023-26269 via org.apache.james:javax-mail-extension (>=3.1.0 <=3.7.3)
org.apache.james:javax-mail-extension MAVEN version =3.1.0, =3.7.0, =3.6.0, =3.7.0, =3.7.0, =3.4.0, =3.4.0, =3.6.0, =3.1.0, =3.1.0, =3.7.0, =3.4.0, =3.1.0, =3.1.0, =3.7.0, =3.7.3 and more Source cves: CVE-2023-26269 Source advisory: OSV:GHSA-W7R6-V4J7-H94W https://vulners.com/osv/OSV:GHSA-W7R6-V4J...
SUSE CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...
Nextcloud: Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Summary: The mail extension in nextcloud includes a module called "cerdic/csstidy" which basically ships with a publicly accessible test/example interface to play with the CSS formatter and optimiser (/apps/mail/vendor/cerdic/css-tidy/cssoptimiser.php). This module allows contacting any remote serv...
CVE-2020-12697
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...
CVE-2020-12700
The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12698
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
PT-2020-13211
Name of the Vulnerable Software and Affected Versions: direct mail extension for TYPO3 versions through 5.2.3 Description: The issue allows for Denial of Service via log entries. Recommendations: For versions through 5.2.3, update to a version later than 5.2.3 to resolve the issue...
TYPO3 Direct Mail Extension CVE-2019-16698 Information Disclosure Vulnerability
Description: Direct Mail Extension for TYPO3 is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. dkd Direct Mail Extension versions prior to 5.2.3 are vulnerable. Technologies Affected: dkd...
ALPINE-CVE-2018-19935
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function...
DEBIAN-CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...
Authentication flaw
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes...
Cisco AsyncOS for Email Security Appliances MIME Header Processing Filter Bypass (cisco-sa-20161116-esa1 / cisco-sa-20161116-esa2)
According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security ESA appliance is affected by an email filter bypass vulnerability in the email filtering functionality due to improper error handling when processing malformed Multipurpose Internet Mail Extension...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the phar_fix_filepath function (ext/phar/phar.c) in the PHP interpreter arises due to buffer overflow in the stack. Exploiting this vulnerability may allow an attacker to cause service failures or potentially have other effects by using a value with a very long length that is not...
UBUNTU-CVE-2015-5590
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling...
GMime: Arbitrary code execution
Background: GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME). Description: GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h. Impact: A context-dependent attacker could...