12 matches found
EUVD-2026-34087
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...
CKAN has no certificate validation on SMTP connection
Impact: Configured SMTP server may be spoofed with any certificate, e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches: The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...
Mageia: Security Advisory (MGASA-2014-0270)
The remote host is missing an update for the...
CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...
Mozilla Thunderbird < 91.2
The version of Thunderbird installed on the remote Windows host is prior to 91.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-47 advisory. - Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memor...
Trojan.Win32.Barjac Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/62ad686f97faaa68f580d32d25333f51.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Barjac Vulnerability: Remote Stack Buffer Overflow. Description: Trojan.Win32.Barjac mak...
XSS vulnerability in code example
SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There...
SysGauge 1.5.18 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits Exploit Title: SysGauge 1.5.18 – buffer overflow in SMTP connection verification function leads to code execution Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...
Updated sendmail packages fix CVE-2014-3956
Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...
FreeBSD -- sendmail improper close-on-exec flag handling
Problem Description: There is a programming error in sendmail(8) that prevented open file descriptors from having close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process has open. Impact: A local user who can execute their own program for mail...
exim remote heap overflow, probably not exploitable
Exim (www.exim.org) is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim...
promail.1.21.trojan.txt
Date: Fri, 19 Mar 1999 09:41:18 +0100 From: Aeon Labs To: [email protected] Subject: security/privacy news Perhaps this might be of interest to Your readers. ProMail v1.21, an advanced freeware mail program spread through several worldwide distribution networks SimTel.net, Shareware.co...