14 matches found
CRLF Injection
Overview: org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications. Affected versions of this package are vulnerable to CRLF Injection via the envelope.size parameter in the sendMail function. An attacker can inject arbitrary SMTP commands by supplying CRLF...
EUVD-2002-0743
Malware in sbrugna...
The vulnerability of the Zimbra Collaboration Suite’s corporate email management system lies in the lack of verification of account status when sending emails using 2FA authentication. This allows attackers to increase their privileges.
The vulnerability of the Zimbra Collaboration Suite email management system lies in the lack of verification of account status when sending emails using 2FA two-factor authentication. Exploiting this vulnerability can allow unauthorized users to increase their privileges remotely...
PT-2023-2844 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 9.0. Description: The issue is related to a lack of account status check when sending emails using 2FA two-factor authentication in Zimbra Collaboration Suite. This can allow a remote attacker t...
Command injection
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Basecamp: DNS Setup allows sending mail on behalf of other customers
Sent on your behalf I knew basecamp themselves had used helpscout for support, so I was curious to see if hey was doing the same. A quick DNS lookup gave me the answer I was looking for: dig hey.com txt ; DiG 9.10.6 hey.com txt ;; global options: +cmd ;; Got answer: ;; -HEADER DiG 9.10.6...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2016:3032-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Sender 0.7 Cross Site Request Forgery
Plugin Name : Sender A8-Cross-SiteRequestForgeryCSRF Affected Version : 0.7 and most probably lower versions if any Vulnerability : A8-Cross-Site Request Forgery CSRF Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concept : POC for...
Zoner Photo Studio 15 B3 Buffer Overflow
Title: Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities. Date: 2012-11-13. References: http://www.vulnerability-lab.com/getcontent.php?id=759. VL-ID: 759. Common Vulnerability Scoring System: 4.5. Introduction: ...
AA SMTP Server 1.1 - Crash (PoC)
AA SMTP SERVER v.1.1 -- Crash POC. Application : AA SMTP SERVER v.1.1 Vendor URL : http://www.aa2soft.com/download.htm Category : Windows/POC/Crash Author : ..:: SONiC ::.. aka theM4LW4r3 Special thanks to : Ashwin Vamshi,Sid3^effects,r0073r...
[SECURITY] Fedora 8 Update: ssmtp-2.61-11.6.fc8.1
A secure, effective and simple way of getting mail off a system to your mail hub. It contains no suid-binaries or other dangerous things - no mail spool to poke around in, and no daemons running in the background. Mail is simply forwarded to the configured mailhost. Extremely easy configuration...
apnaspace.txt
Apnaspace.com: A MySpace type site for Arab & Indian teens. Homepage: http://www.http://www.apnaspace.com Affected files: Comment input box: Posting a blog entry: - Entry title - Entry body Viewing a profile Posting a bulletin. Commenting on a picture Sending mail to someone...
CVE-2002-0751
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters...
Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)
Overview: A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 Professional that could allow an intruder to use the service to send mail. Description: The Simple Mail Transfer Protocol (SMTP) is the standard protocol used to...