21 matches found
CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure
uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...
CVE-2018-25229
BulletProof FTP Server 2019.0.0.50 is affected by a local denial-of-service vulnerability in the SMTP configuration interface. An input buffer of 257 'A' characters in the SMTP Server field can crash the application when Test is clicked. Connected sources corroborate the existence of a DoS via th...
EUVD-2021-15890
Malware in sbrugna...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
PT-2024-36492 · Gophish +1 · Gophish +1
Name of the Vulnerable Software and Affected Versions: GoPhish version 0.12.1 Description: The issue allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers due to insufficiently protected credentials in the Mail Server Configuration. Recommendations: For GoPhish...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
CVE-2024-55196 concerns GoPhish v0.12.1 with a misconfiguration in the mail-server credentials handling. The vulnerability arises from insufficiently protected credentials in the Mail Server Configuration, enabling an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2021-29251
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...
Code injection
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...
PT-2020-6405 · Unknown +2 · Roundcubemail +2
Name of the Vulnerable Software and Affected Versions: Roundcube Mail versions prior to 1.4.5 Description: The issue is related to a Cross Site Scripting XSS vulnerability. It is associated with the smtp config in the installer. The vulnerability may allow a remote attacker to impact data...
Authorization
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...
CVE-2019-20474
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...
New Relic: Missing security best practices (leads to further impact)
Vulnerabilities:- 1.Use of old passwords is possiblecurrent password can be used as new password. 2.Email notification is not being sent to linked mail account while changing passwords steps to reproduce the two issues create account with password example badcracker@123 change password to...
Infogram: Email notification is not being sent while changing passwords
Vulnerabilities:- 1.Use of old passwords is possiblecurrent password can be used as new password. 2.Email notification is not being sent to linked mail account while changing passwords. Impact:- Case-1:- -whenever a user requests a reset token for recovery of his account,a reset token is being to...
PT-2013-1323 · Schneider Electric · Modicon M340 +2
Name of the Vulnerable Software and Affected Versions: Modicon M340 versions affected versions not specified Modicon Quantum versions affected versions not specified Modicon Premium versions affected versions not specified Description: The issue is related to errors in security mechanisms, which...
Fedora 11 : spamass-milter-0.3.1-18.fc11 (2010-5176)
This update includes a fix for a problem where if the milter is running using the '-x' option to expand aliases before passing inbound mail through SpamAssassin, a malicious client using a carefully-crafted SMTP session could execute arbitrary code on the mail server. The fix avoids the use of a...