24 matches found
PayPal closes loophole that let scammers send real emails with fake purchase notices
After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that...
EUVD-2011-1927
Malware in sbrugna...
EUVD-2004-0182
Malware in sbrugna...
EUVD-2010-0771
Malware in sbrugna...
EUVD-2003-0783
Malware in sbrugna...
EUVD-2023-2547
Malicious code in bioql PyPI...
CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS
Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...
CVE-2010-3717
The t3libdiv::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filtervar FILTERVALIDATEEMAIL operations in PHP, which allows remote attackers to cause a denial of service memory consumption and application crash via a...
CVE-2023-51310
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51297
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2024:0282-1 Rating: important References: 1229823 1229824 Cross-References: CVE-2024-45230 CVE-2024-45231 CVSS scores: CVE-2024-45230 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-45231 SUSE...
EUVD-2020-4416
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource consumption via a crafted e-mail message with deeply nested MIME parts...
SUSE-SU-2020:0114-1 Security update for python3
This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Waveread.readfmtchunk bsc1083507. - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ bsc1149955. - CVE-2019-15903: Fixed a heap-based buffer over-read i...
CVE-2019-12913
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...
MGASA-2017-0291 Updated clamav packages fix security vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service CVE-2017-6418. It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack...
CVE-2014-9472
The email gateway in RT aka Request Tracker 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service CPU and disk consumption via a crafted email...
Information disclosure
The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service persistent application crash via a "Content-Disposition: ;" header in an e-mail message...
信游科技管理后台弱口令导致敏感信息泄漏
简要描述: 信游科技管理后台弱口令导致敏感信息泄漏 详细说明: test.52xinyou.cn/xykj/login.aspx 应该是测试系统 看下服务邮箱账号泄露 登陆 漏洞证明: 并且可以管理前台页面...
CVE-2014-4720
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477...
CVE-2011-1929
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...