43 matches found
MAL-2026-4654 Malicious code in qazaq-cli (npm)
Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...
Malicious code in qazaq-cli (npm)
Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...
CVE-2026-33715
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...
CVE-2026-0829
The CVE-2026-0829 entry concerns the Frontend File Manager Plugin for WordPress (up to version 23.5). It states unauthenticated users can relay emails through the site and access/share uploaded files by guessing file IDs, exposing sensitive information and enabling spam/phishing use. The descript...
CVE-2026-0829
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...
CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...
PT-2026-8399
Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin versions through 23.5 Description The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This enables attackers to utilize the site as an op...
EUVD-2006-0980
Malware in sbrugna...
SMTP Open Relay Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...
Ubuntu: Security Advisory (USN-74-1)
The remote host is missing an update for the...
Telefication <= 1.8.0 - Open Relay & Server-Side Request Forgery
The plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl request...
WordPress Telefication vulnerability <= 1.8.0 - Open Relay and Server-Side Request Forgery vulnerability
Open Relay and Server-Side Request Forgery vulnerability discovered by Marco Wotschka & Charles Strader Sweethill in WordPress Telefication vulnerability versions <= 1.8.0. Solution: This plugin has been closed as of September 20, 2021 and is not available for download. This closure is temporary,...
Design/Logic Flaw
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship...
8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)
NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...
OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
Tool to test for vulnerable open relays on SMTP servers. Features: check single target/domain list; ports 587 and 465 implemented; multithreaded. Download OpenRelayMagic...
Apache Traffic Server 5.1.x < 5.1.1 Multiple Vulnerabilities (POODLE)
Binary data 9081.prm...
FreeBSD : james -- multiple vulnerabilities (be3069c9-67e7-11e5-9909-002590263bf5)
The Apache James Project reports: This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of...
james -- multiple vulnerabilities
The Apache James Project reports: This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of Jam...
Apache Traffic Server 5.1.x < 5.1.1 Multiple Vulnerabilities (POODLE)
According to its banner, the version of Apache Traffic Server running on the remote host is 5.1.x prior to 5.1.1. It is, therefore, affected by the following vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL...
CacheFlow CacheOS 4.1.10016 HTTP HOST Proxy Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8584/info Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This...