20 matches found
CVE-2018-25229
CVE-2018-25229 affects BulletProof FTP Server 2019.0.0.50. The issue is a denial-of-service in the SMTP configuration interface: sending an oversized string (257 'A' characters in the SMTP Server field and clicking Test) crashes the application. Attack is local; no details on exploitation outside...
EUVD-2021-15890
Malware in sbrugna...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 (5012). An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password)...
CVE-2024-55196
CVE-2024-55196 concerns GoPhish v0.12.1 with a misconfiguration in the mail-server credentials handling. The vulnerability arises from insufficiently protected credentials in the Mail Server Configuration, enabling an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
PT-2024-36492 · Gophish +1 · Gophish +1
Name of the Vulnerable Software and Affected Versions: GoPhish version 0.12.1. Description: The issue allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers due to insufficiently protected credentials in the Mail Server Configuration. Recommendations: For GoPhish...
CVE-2021-29251
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured...
Code injection
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured...
PT-2020-6405 · Unknown +2 · Roundcubemail +2
Name of the Vulnerable Software and Affected Versions: Roundcube Mail versions prior to 1.4.5. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It is associated with the SMTP config in the installer. The vulnerability may allow a remote attacker to impact data...
Authorization
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan...
CVE-2019-20474
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 (5012). An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password)...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 (5012). An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password)...
New Relic: Missing security best practices (leads to further impact)
Vulnerabilities: 1. Use of old passwords is possible (current password can be used as new password). 2. Email notification is not being sent to linked mail account while changing passwords. Steps to reproduce the two issues: create account with password, example badcracker@123; change password to...
Infogram: Email notification is not being sent while changing passwords
Vulnerabilities: 1. Use of old passwords is possible (current password can be used as new password). 2. Email notification is not being sent to linked mail account while changing passwords. Impact: Case-1: whenever a user requests a reset token for recovery of his account, a reset token is being to...
PT-2013-1323 · Schneider Electric · Modicon M340 +2
Name of the Vulnerable Software and Affected Versions: Modicon M340 versions (affected versions not specified), Modicon Quantum versions (affected versions not specified), Modicon Premium versions (affected versions not specified). Description: The issue is related to errors in security mechanisms, which...
Fedora 11 : spamass-milter-0.3.1-18.fc11 (2010-5176)
This update includes a fix for a problem where if the milter is running using the '-x' option to expand aliases before passing inbound mail through SpamAssassin, a malicious client using a carefully-crafted SMTP session could execute arbitrary code on the mail server. The fix avoids the use of a...
NTMail3 Arbitrary Mail Relay
Nessus has detected that the remote SMTP server allows anyone to use it as a mail relay provided that the source address is set to '<>'. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server...