48 matches found
CVE-2026-23609
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...
CVE-2026-23609
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...
CVE-2026-23609
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...
CVE-2026-23609
GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can submit HTML/JavaScript to ctl00$ContentPlaceHolder1$pv3$txtDescription on /MailEssentials/pages/MailSecurity/PerimeterSMT...
CVE-2026-23609 GFI MailEssentials AI < 22.4 General Settings Perimeter SMTP Servers Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...
EUVD-2007-2762
Malware in sbrugna...
EUVD-2003-0843
Malware in sbrugna...
EUVD-2009-4531
Malware in sbrugna...
CVE-2020-15047
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers...
Creating Scripts to Identify Vulnerable SMTP Servers
This whitepaper covers how to create Nmap scripts to identify banners and versions of SMTP servers. It also covers methods to mitigate the public visibility of banners and version information on SMTP servers. Written in Portuguese...
CVE-2024-55196
CVE-2024-55196 concerns GoPhish v0.12.1 with a misconfiguration in the mail-server credentials handling. The vulnerability arises from insufficiently protected credentials in the Mail Server Configuration, enabling an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...
Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2014-3261)
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.41i, NX-OS 5.0 before 5.03U22 on Nexus 3000 devices, NX-OS 4.1 before 4.12E11l on Nexus 4000 devices, NX-OS 5.x before 5.13N11 on Nexus 5000 devices, NX-OS 5...
Metasploit Weekly Wrap-Up
ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...
Code injection
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers...
CVE-2020-15047
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers...
OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay
╔═╗┌─┐┌─┐┌┐┌╦═╗┌─┐┬ ┌─┐┬ ┬╔╦╗┌─┐┌─┐┬┌─┐ ║ ║├─┘├┤ │││╠╦╝├┤ │ ├─┤└┬┘║║║├─┤│ ┬││ ╚═╝┴ └─┘┘└┘╩╚═└─┘┴─┘┴ ┴ ┴ ╩ ╩┴ ┴└─┘┴└─┘ Tool to test for vulnerable open relays on SMTP servers Features Check single target/ domain list Port 587 and 465 Implemented Multithreaded Download OpenRelayMagic...
[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27
Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...
Threat Roundup for September 14 to September 21
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Threat Round Up for Feb 16 - 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...