38 matches found
EUVD-2025-36518
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...
CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...
PT-2025-44175
Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 (Core Update 198) Description: IPFire versions prior to 2.29 (Core Update 198) are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the txt...
CVE-2025-53881 SUSE-specific logrotate configuration allows escalation from mail user/group to root
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1...
PT-2025-40351
Name of the Vulnerable Software and Affected Versions: exim versions prior to 4.98.2-lp156.248.1 Description: A flaw exists in the exim package related to a UNIX Symbolic Link (Symlink) Following vulnerability within the logrotate configuration. This issue allows for privilege escalation from the mai...
PT-2024-13754 · Unknown · Vx Search Enterprise
Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup smtp" API endpoint in the smtp server, smtp user, smtp password, and smtp email...
Passbolt Api E-mail HTML injection
Passbolt sends e-mail to users to warn them about different types of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a password’s title or description. Passbolt does not escape the user’s input properly, resulting in the...
CVE-2024-35187 Stalwart Mail Server has privilege escalation by design
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to...
CVE-2024-28054
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...
CVE-2020-11599
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user...
CentOS 6 / 7 : mailx (CESA-2014:1999)
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
Pine 4.x Empty MIME Boundary Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that contains MIME...
Ximian Evolution 1.x UUEncoding Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7118/info A vulnerability has been discovered in the Ximian Evolution Mail User Agent (MUA). The problem occurs when the mailer attempts to process a maliciously encoded e-mail message. When attempting to decode the message...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule...
SuSE9 Security Update : netpbm (YOU Patch Number 11701)
This update fixes a buffer overflow in the RGBA-palette code. The bug can be abused to trigger a denial-of-service attack by feeding untrusted data to 'pnmtopng -alpha' (maybe via a remote service like a CGI, mail user agent, etc.). The execution of arbitrary code is theoretically possible but...
Fedora Update for mutt FEDORA-2007-540
Check for the Version of mutt OpenVAS Vulnerability Test Fedora Update for mutt FEDORA-2007-540 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for mutt FEDORA-2007-0001
Check for the Version of mutt OpenVAS Vulnerability Test Fedora Update for mutt FEDORA-2007-0001 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Debian Security Advisory DSA 096-1 (mutt)
The remote host is missing an update to mutt announced via advisory DSA 096-1. OpenVAS Vulnerability Test $Id: deb0961.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 096-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...