11 matches found
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
Summary: An SMTP Command Injection (CRLF Injection) vulnerability in Netty's SMTP codec allows a remote attacker who can control SMTP command parameters (e.g., an email recipient) to forge arbitrary emails from the trusted server. This bypasses standard email authentication and can be used to...
CVE-2025-59419
Netty CVE-2025-59419 is a CRLF injection vulnerability in the SMTP codec. In Netty versions prior to 4.1.128.Final and 4.2.7.Final, io.netty.handler.codec.smtp.DefaultSmtpRequest concatenates parameters into SMTP commands without sanitization, enabling an attacker-controlled CRLF sequence in reci...
EUVD-1999-0510
Malware in sbrugna...
Medium: php8.2
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)
The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
Medium: php8.1
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...
SP PHP Email Handler Injection Vulnerability
SP PHP Email Handler is a PHP package for handling contact form submissions, by the individual developer Spencer14420. An injection vulnerability exists in versions of SP PHP Email Handler prior to 1.0.0, which stems from sent messages being open to abuse, allowing an attacker to u...
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated email infrastructure is otherwise used for legitimate purposes, which makes blocking these messages...
BIT-MINIO-2021-21287 Server-Side Request Forgery in MinIO Browser API
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or...
QwikMail 0.3 HELO Command Buffer Overflow Vulnerability
No description provided by source. source: www.securityfocus.com/bid/11989/info QwikMail qwik-smtpd is reported prone to a remotely exploitable buffer overflow vulnerability. The issue is due to insufficient bounds checking of client-supplied SMTP HELO request data. This issue could theoretically...