84 matches found
[SECURITY] [DSA 2421-1] moodle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2377-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-2381
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...
CVE-2011-2381
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...
Crlf injection
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...
CVE-2011-2381
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notificatio...
Debian DSA-2252-1 : dovecot - programming error
It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. The oldstable distribution lenny is not affected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...
openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0175-1)
Huge mail headers could cause dovecot to consume excessive amounts of CPU CVE-2010-0745 dovecot was updated to version 1.2.11 which fixes the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
CVE-2009-1578
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; 2 PHPSELF; and 3 the que...
CVE-2009-1578
CVE-2009-1578 affects SquirrelMail < 1.4.18 and NaSMail
Crlf injection
CRLF injection vulnerability in contact.php in Moonware aka Dale Mooney Gallery allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers...
CVE-2007-4612
CRLF injection vulnerability in contact.php in Moonware aka Dale Mooney Gallery allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers...
CVE-2007-4612
The CVE-2007-4612 entry concerns Moonware (Dale Mooney Gallery) software, specifically the contact.php script. The vulnerability is a CRLF injection that lets remote attackers inject arbitrary mail headers via CRLF sequences in the subject parameter. This header injection could be leveraged to ad...
CVE-2007-4612
CRLF injection vulnerability in contact.php in Moonware aka Dale Mooney Gallery allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers...
Crlf injection
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF %0A sequences in the subject parameter, a related issue to CVE-2007-1898...
CVE-2007-2731
Jetbox CMS 2.1 is affected by a CRLF injection in formmail.php, allowing remote attackers to inject arbitrary e-mail headers via LF sequences in the subject parameter. This is linked to CVE-2007-1898. The NetVigilance advisory notes that exploitation requires PHP register_globals to be On; a work...
CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the 1 Subject or 2 To parameter, as demonstrat...
Symantec MailSecurity DoS
Crash on malcrafted mail headers parsing...
Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for. Component Type: TYPO3 Core Affected Versions: TYPO3 4.x below 4.0.5, 4.1beta, 4.1RC1, TYPO3 Versions 3.x Vulnerability Type: Email header...
CVE-2006-4344
The CVE-2006-4344 issue affects CGI-Rescue Mail F/W System (formd) prior to 8.3. The vulnerability is a CRLF injection in the mail.cgi and query.cgi components that enables remote attackers to spoof emails and inject email headers. The affected functionality is the mailing form/forwarding system,...