20 matches found
HTTP Response Splitting
Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the HTTP_HOST value being directly embedded into the Message-ID header during email generation. An attacker can inject arbitrary SMTP headers into outgoing emails by supplying a crafted Host header during...
BIT-NGINX-GATEWAY-2026-28753 NGINX ngx_mail_proxy_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2021-31988
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email...
Sendmail SMTP Address prescan Memory Corruption
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sendmail SMTP Address prescan Memory Corruption', 'Description' = %q This is a proof of concept denial of service module for Sendmail versions...
Improper Input Validation in Apache Commons Email
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers...
Mageia: Security Advisory (MGASA-2017-0322)
The remote host is missing an update for the...
AXIS OS 5.51 < 5.51.7.5 / 6.0 < 6.50.5.5 / 7.0 < 8.40.4.3 / 9.0 < 9.80.3.5 / 10.0 < 10.8 Multiple Vulnerabilities
The firmware version running on the remote host is vulnerable to multiple vulnerabilities, including the following: - User-controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. (CVE-2021-31986) - A...
CVE-2021-31988
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email...
MGASA-2017-0322 Updated apache-commons-email packages fix security vulnerability
In apache-commons-email before 1.5, when a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers (CVE-2017-9801)...
Apache Commons Email Input Validation Vulnerability
Apache Commons Email is an application programming interface from the Apache Software Foundation (United States) that provides e-mail sending capabilities. A security vulnerability exists in Apache Commons Email versions 1.0 through 1.4. An attacker can exploit the vulnerability to add arbitrary...
Sql injection
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers...
CVE-2017-9801
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers...
CVE-2017-9801
CVE-2017-9801 affects Apache Commons Email (versions 1.0–1.4). A call-site passing an email subject containing line-breaks can be exploited to inject arbitrary SMTP headers, due to a flaw in how setSubject handles input. This can lead to SMTP header manipulation and potential information exposure...
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...
Crlf injection
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability...
CVE-2006-0712
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability...
CVE-2006-0712
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability...
Biz Mail Form 2.x - Unauthorized Mail Relay
source: https://www.securityfocus.com/bid/12620/info Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay. An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences. If successful, it becomes possible to abuse th...
Biz Mail Form 2.x - Unauthorized Mail Relay
Biz Mail Form 2.x - Unauthorized Mail Relay source: https://www.securityfocus.com/bid/12620/info Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay. An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences. If...
CA's InoculateIT Agent for Exchange Server
Hi, I'm new in the list, my 1st msg: The CA's InoculateIT Agent for Exchange Server cannot detect some messages that have the SMTP headers changed. In October/1999 I reported it to the local CA support office, but still nothing has been done. Guys at [email protected] seem to ignore my messages. The bug...