NGINX ngx_mail_proxy_module vulnerability

...

BIT-NGINX-GATEWAY-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

BIT-NGINX-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

CVE-2026-28753

CVE-2026-28753 affects NGINX Plus and NGINX Open Source through the ngx_mail_smtp_module. The vulnerability arises from improper handling of CRLF sequences in DNS responses, which could allow an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, enabling poten...

EUVD-2015-4810

Malware in sbrugna...

Shopware Command Injection Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. versions of Shopware prior to 6.4.3.1 have a command injection vulnerability in the mail proxy settings. No detailed vulnerability details are currently available...

Shopware 操作系统操作系统命令注入漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. versions of Shopware prior to 6.4.3.1 have a command injection vulnerability in the mail proxy settings. No detailed vulnerability details are currently available...

CVE-2019-5456

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version = 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...

PT-2019-17685 · Ubiquiti · Unifi Controller

Name of the Vulnerable Software and Affected Versions: UniFi Controller versions prior to 5.10.22 Description: A malicious actor can set up an SMTP proxy server between the UniFi Controller and the actual SMTP server to record SMTP credentials for later malicious use. Recommendations: For version...

CVE-2017-10031

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications subcomponent: Mail Proxy dojo. Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2017-10031

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications subcomponent: Mail Proxy dojo. Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Unspecified Vulnerability in Oracle Communications Convergence

Oracle Communications is Oracle's suite of applications for rapidly delivering and monetizing digital life communications.Communications Convergence is one of the components used for cable communications. A security vulnerability exists in the Mail Proxy dojo subcomponent of the Communications...

Sophos XG Firewall < 16.05.5 MR5 Multiple Vulnerabilities

Sophos XG Firewall is prone multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

nginx denial of service vulnerability (CNVD-2016-00982)

nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A security vulnerability exists in nginx that allows remote attackers to submit special requests for denial of service attacks...

CVE-2015-4793

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...

CVE-2015-4793

CVE-2015-4793 concerns Oracle Communications Convergence in Oracle Communications Applications 2.0 and 3.0.1. The vulnerability is described as unspecified and remote-exploitable, potentially affecting confidentiality via unknown vectors related to the Mail Proxy. The NVD record assigns a CVSSv2 ...

CVE-2015-4793

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...

UBUNTU-CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

CVE-2014-3556

The CVE-2014-3556 entry affects nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4. The STARTTLS implementation in mail/ngx_mail_smtp_handler.c allows an MITM to inject commands into encrypted SMTP sessions by sending a cleartext command after TLS is established, due to insufficient I/O bu...