NGINX ngx_mail_proxy_module vulnerability

...

BIT-NGINX-GATEWAY-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

BIT-NGINX-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

CVE-2026-28753

CVE-2026-28753 affects NGINX Plus and NGINX Open Source through the ngx_mail_smtp_module. The vulnerability arises from improper handling of CRLF sequences in DNS responses, which could allow an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, enabling poten...

EUVD-2015-4810

Malware in sbrugna...

Shopware Command Injection Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. versions of Shopware prior to 6.4.3.1 have a command injection vulnerability in the mail proxy settings. No detailed vulnerability details are currently available...

Shopware 操作系统操作系统命令注入漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. versions of Shopware prior to 6.4.3.1 have a command injection vulnerability in the mail proxy settings. No detailed vulnerability details are currently available...

CVE-2019-5456

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version = 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...

PT-2019-17685 · Ubiquiti · Unifi Controller

Name of the Vulnerable Software and Affected Versions: UniFi Controller versions prior to 5.10.22 Description: A malicious actor can set up an SMTP proxy server between the UniFi Controller and the actual SMTP server to record SMTP credentials for later malicious use. Recommendations: For version...

CVE-2017-10031

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications subcomponent: Mail Proxy dojo. Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2017-10031

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications subcomponent: Mail Proxy dojo. Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Unspecified Vulnerability in Oracle Communications Convergence

Oracle Communications is Oracle's suite of applications for rapidly delivering and monetizing digital life communications.Communications Convergence is one of the components used for cable communications. A security vulnerability exists in the Mail Proxy dojo subcomponent of the Communications...

Sophos XG Firewall < 16.05.5 MR5 Multiple Vulnerabilities

Sophos XG Firewall is prone multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Vulnerability of nginx software, allowing a remote attacker to compromise the confidentiality of protected information

The vulnerability in the SMTP proxy of Nginx allows attackers who operate on a “man-in-the-middle” principle to inject commands into SSL sessions initiated with the STARTTLS command, thereby gaining access to confidential information sent by clients...

The vulnerability of Oracle Communications Applications’ network management and organization software allows attackers to compromise the confidentiality of information.

The vulnerability of the Oracle Communications Convergence component of the Oracle Communications Applications software and network management suite is related to code errors. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information through...

nginx denial of service vulnerability (CNVD-2016-00982)

nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A security vulnerability exists in nginx that allows remote attackers to submit special requests for denial of service attacks...

CVE-2015-4793

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...

CVE-2015-4793

CVE-2015-4793 concerns Oracle Communications Convergence in Oracle Communications Applications 2.0 and 3.0.1. The vulnerability is described as unspecified and remote-exploitable, potentially affecting confidentiality via unknown vectors related to the Mail Proxy. The NVD record assigns a CVSSv2 ...

CVE-2015-4793

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy...