Lucene search
K

115 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:22 p.m.2 views

Malicious code in temporary-beige-mandrill (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 1:22 p.m.4 views

MAL-2024-9876 Malicious code in temporary-beige-mandrill (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2024/08/09 10:40 a.m.5 views

WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Send Emails with Mandrill versions = 1.4.1...

4.3CVSS7AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.9 views

WordPress Send Emails with Mandrill Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Send Emails with Mandrill Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43208 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b4a893afe4e6 Credits Abdi Pranata Requir...

4.3CVSS6.3AI score0.00384EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/12 10:15 a.m.36 views

CVE-2023-47828

Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33...

4.3CVSS0.0028EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 10:15 a.m.2 views

CVE-2023-47828

Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33...

4.3CVSS5.8AI score0.0028EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/05/09 5:40 p.m.3 views

Malicious code in mandrill-api-ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 16f2aff274da86497ad8fe6322b501a1269cd37d3ad40e227f11126aa2da5413 The OpenSSF Package Analysis project identified 'mandrill-api-ruby' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
OSV
OSV
added 2023/05/09 5:40 p.m.12 views

MAL-2023-1428 Malicious code in mandrill-api-ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 16f2aff274da86497ad8fe6322b501a1269cd37d3ad40e227f11126aa2da5413 The OpenSSF Package Analysis project identified 'mandrill-api-ruby' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/10/19 11:50 p.m.28 views

Inflection: Fake mailing reports using mail service on [URL : mail-txn.identity.com]

Researcher discovered an unused subdomain that served as an alias for Mandrill's third-party transactional email service. Mandrill's relay server could be used to send bounceback/failed delivery messages to an arbitrary "sender", although the contents of the message itself are limited to Mandrill...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/04/16 6:15 p.m.75 views

HackerOne: SPF whitelist of mandrill leads to email forgery

I just sent a forged email to [email protected] that appears to originate from [email protected]. I was able to do this because of the following SPF record: dig txt hackerone.com hackerone.com. 299 IN TXT "v=spf1 include:spf.google.com include:sendgrid.net include:mail.zendesk.com...

1.1AI score
Exploits0
NVD
NVD
added 2012/12/03 9:55 p.m.16 views

CVE-2012-5544

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...

4CVSS6.4AI score0.01082EPSS
Exploits0References3
Prion
Prion
added 2012/12/03 9:55 p.m.20 views

Default credentials

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...

4CVSS6.8AI score0.01082EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/12/03 9:0 p.m.41 views

CVE-2012-5544

Summary: The Mandrill module for Drupal 7.x (versions 7.x-1.x before 7.x-1.2) exposes password reset links via Mandrill dashboard logs when accessed by remote authenticated users. This is caused by the module logging message contents by default, enabling an attacker with dashboard access to trigg...

4CVSS6.6AI score0.01082EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/12/03 9:0 p.m.19 views

CVE-2012-5544

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard...

6.4AI score0.01082EPSS
Exploits0References3
Drupal
Drupal
added 2012/10/10 12:0 a.m.17 views

SA-CONTRIB-2012-153 - Mandrill - Information Disclosure

This module enables you to send emails using an external gateway and by default logs the contents of the messages. An attacker who gains access to the Mandrill dashboard can trigger password reset emails from the Drupal site, get the reset links from the Mandrill logs, and take over an account...

4CVSS6.6AI score0.01082EPSS
Exploits0References12
Rows per page
Query Builder