115 matches found
Malicious code in temporary-beige-mandrill (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9876 Malicious code in temporary-beige-mandrill (npm)
--- -= Per source details. Do not edit below this line.=-...
WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Send Emails with Mandrill versions = 1.4.1...
WordPress Send Emails with Mandrill Plugin <= 1.4.1 is vulnerable to Broken Access Control
Software Send Emails with Mandrill Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43208 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b4a893afe4e6 Credits Abdi Pranata Requir...
CVE-2023-47828
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33...
CVE-2023-47828
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33...
Malicious code in mandrill-api-ruby (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 16f2aff274da86497ad8fe6322b501a1269cd37d3ad40e227f11126aa2da5413 The OpenSSF Package Analysis project identified 'mandrill-api-ruby' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...
MAL-2023-1428 Malicious code in mandrill-api-ruby (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 16f2aff274da86497ad8fe6322b501a1269cd37d3ad40e227f11126aa2da5413 The OpenSSF Package Analysis project identified 'mandrill-api-ruby' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...
Inflection: Fake mailing reports using mail service on [URL : mail-txn.identity.com]
Researcher discovered an unused subdomain that served as an alias for Mandrill's third-party transactional email service. Mandrill's relay server could be used to send bounceback/failed delivery messages to an arbitrary "sender", although the contents of the message itself are limited to Mandrill...
HackerOne: SPF whitelist of mandrill leads to email forgery
I just sent a forged email to [email protected] that appears to originate from [email protected]. I was able to do this because of the following SPF record: dig txt hackerone.com hackerone.com. 299 IN TXT "v=spf1 include:spf.google.com include:sendgrid.net include:mail.zendesk.com...
CVE-2012-5544
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...
Default credentials
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...
CVE-2012-5544
Summary: The Mandrill module for Drupal 7.x (versions 7.x-1.x before 7.x-1.2) exposes password reset links via Mandrill dashboard logs when accessed by remote authenticated users. This is caused by the module logging message contents by default, enabling an attacker with dashboard access to trigg...
CVE-2012-5544
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...
SA-CONTRIB-2012-153 - Mandrill - Information Disclosure
This module enables you to send emails using an external gateway and by default logs the contents of the messages. An attacker who gains access to the Mandrill dashboard can trigger password reset emails from the Drupal site, get the reset links from the Mandrill logs, and take over an account...