10 matches found
SUSE CVE-2020-7247
smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
Privilege Escalation
OpenDMARC is vulnerable to privilege escaltion. The vulnerability exists due to pypolicyd-spf allowing an attacker to bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...
CVE-2019-20790
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...
OpenSMTPD Remote Command Execution Vulnerability
OpenSMTPD is a free server-side implementation of the SMTP protocol developed by the OpenBSD team, defined via RFC5321 and part of the OpenBSD project. A remote command execution vulnerability exists in OpenSMTPD. It allows remote attackers to execute arbitrary commands as root via a specially...
ALPINE-CVE-2020-7247
smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
Input validation
smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
CVE-2004-1945
The CVE-2004-1945 issue affects the POP3 service of Kinesphere eXchange, where a buffer overflow in the MAIL FROM handling could allow remote attackers to execute arbitrary code. The vulnerability is triggered by a long MAIL FROM field, enabling potential remote code execution with no authenticat...
CVE-2004-1945
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field...
CVE-2004-1945
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field...
Avirt Mail 4.04.2 - Mail From: Rcpt to: Denial of Service
Avirt Mail 4.04.2 - Mail From: Rcpt to: Denial of Service // source: https://www.securityfocus.com/bid/1825/info Due to insufficient bounds checking in the code that handles the fields 'MAIL FROM:' and 'RCPT TO:', it is possible to remotely crash Avirt Mail. Entering over 272 characters into the...