121 matches found
CVE-2019-1955
A vulnerability in the Sender Policy Framework SPF functionality of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking...
Cisco Email Security Appliance AsyncOS Software Input Validation Error Vulnerability (CNVD-2020-16476)
Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. An input validation error vulnerability exists in AsyncOS Software in the Cisco Email Security Appliance. The vulnerability stems from the lack of a...
PT-2019-3142 · Cisco · Cisco Email Security Appliance
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance ESA affected versions not specified Description: The issue is related to the Sender Policy Framework SPF component of the Cisco Email Security Appliance ESA, which has a vulnerability due to insufficient input...
CVE-2016-10793
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect ! in Mail::SPF scripts SEC-152...
The vulnerability of the anti-spam protection mechanism of the Cisco Email Security Appliance allows attackers to compromise the integrity of the protected information.
The vulnerability of the anti-spam protection mechanism of Cisco Email Security Appliance is related to errors in the verification of Sender Policy Framework SPF messages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information by sending...
Cisco Email Security Appliance AsyncOS Software Access Control Error Vulnerability
Cisco Email Security Appliance ESA is a set of email security appliances from Cisco USA. The appliance provides spam protection, email encryption, data loss prevention, etc. AsyncOS Software is a set of operating systems used in it. An access control error vulnerability exists in the anti-spam...
Paragon Initiative Enterprises: Vunerability : spf
Heĺlo sir, im an independent security researcher. I found an vunerability in your website Your website https://github.com/paragonie doesn't have valid spf records. To recover this do validate your spf. Sender Policy Framework SPF: This allows you specify which mail servers are allowed to send mai...
Cakebet: Sender policy framework (SPF) records evaluation return (Too many DNS lookups) error
Hi Security Team , Your SPF record suffers from a “too many lookups” error. The specifications for the SPF record limit the number of lookups such as, translating a name to an IP address to 10. An SPF record like what is shown below will have the too many lookup errors : Found v=spf1 record for...
Paragon Initiative Enterprises: Missing SPF for paragonie.com
There is no TXT record in DNS zone that defines Sender Policy Framework entry for domain paragonie.com. This makes it easy to spoof your e-mail address. For SPF record just check this http://www.kitterman.com/spf/validate.html...
Paragon Initiative Enterprises: Missing SPF
There is no TXT record in DNS zone that defines Sender Policy Framework entry for domain paragonie.com. This makes it easy to spoof your e-mail address...
Paragon Initiative Enterprises: Missing SPF for https://paragonie.com/
There is no TXT record in DNS zone that defines Sender Policy Framework entry for domain paragonie.com. This makes it easy to spoof your e-mail address...
Cisco Email Security Appliance Anti-Spam Scanner Remote Security Bypass Vulnerability
Cisco Email Security Appliance ESA is a set of e-mail security appliances from the American company Cisco Cisco. The appliance provides spam protection, email encryption, data loss prevention and other features. A security vulnerability exists in the anti-spam scanner of the Cisco ESA appliance...
CVE-2013-0354
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework...
Code injection
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework...
libspf2 DNS TXT record parsing buffer overflow
Overview libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. Description libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408: An SPF record is a DNS Resource Record RR that declares which hosts are, and are not,...
libspf2: DNS response buffer overflow
Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...
CVE-2006-1520
Format string vulnerability in ANSI C Sender Policy Framework library libspf before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address...
Format string
Format string vulnerability in ANSI C Sender Policy Framework library libspf before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address...
CVE-2006-1520
CVE-2006-1520 affects libspf before 1.0.0-p5. When debugging is enabled, it allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address. Impact: remote code execution. A fix is available in libspf 1.0.0-p5 or later; upgrade to mitigate.
CVE-2005-2151
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework SPF records, which could allow attackers to cause memory corruption...