17 matches found
EUVD-2017-0182
Malware in sbrugna...
SUSE CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
The vulnerability of the `fax_notify_mail` function in the `mgetty` package on Red Hat Enterprise Linux systems allows a hacker to cause a service failure.
The vulnerability of the fax_notify_mail function in the mgetty package for Red Hat Enterprise Linux is caused by a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to trigger a service failure using the mail_to parameter...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. Mitigation: Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not...
Mgetty Command Injection Vulnerability
Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from the program failing to filter the 'mail_to' parameter in the 'fax_notify_mail' function. The vulnerability can be...
UBUNTU-CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
Rails actionpack gem vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
GHSA-75W6-P6MG-VH8J Rails actionpack gem vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
XSS vulnerabilities in the mail_to helper in rails/actionview
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
XSS vulnerabilities in the mail_to helper in rails/actionpack
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
DEBIAN-CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...
CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value...