34 matches found
EUVD-2009-5076
Malware in sbrugna...
CVE-2009-5121
Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session...
CVE-2009-5131
The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session...
CVE-2002-2080
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session...
SUSE CVE-2011-1432
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
SUSE-SU-2022:3529-1 Security update for sendmail
This update for sendmail fixes the following issues: - Fixed SMTP session reuse leading to STARTTLS not used even if offered (bsc1164084)...
VulnCheck KEV: CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session...
OpenSMTPD Remote Code Execution Vulnerability
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session...
Exim Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...
SAP NetWeaver AS ABAP Command Injection Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A command injection vulnerability exists in SAP NetWeaver AS ABAP, which can be exploited by an attacker to inse...
OpenBSD OpenSMTPD 6.6 Remote Code Execution Exploit
smtp_mailaddr in smtp_session.c in OpenSMTPD version 6.6, as used in OpenBSD version 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default...
OpenBSD OpenSMTPD 6.6 Remote Code Execution
Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...
Remote Code Execution (RCE)
opensmtpd:bionic is vulnerable to denial of service (DoS). smtp_mailaddr in smtp_session.c allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The...
OpenSMTPD Remote Command Execution Vulnerability
OpenSMTPD is a free server-side implementation of the SMTP protocol, as defined in RFC 5321, developed by the OpenBSD team as part of the OpenBSD project. A remote command execution vulnerability exists in OpenSMTPD. It allows remote attackers to execute arbitrary commands as root via a specially...
CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
Input validation
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
PT-2020-1569 · Openbsd +1 · Opensmtpd +1
Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions 6.6 Description: The issue is related to the smtp_mailaddr function in the smtp_session.c file of the OpenSMTPD mail daemon, which is used in OpenBSD and other products. It allows remote attackers to execute arbitrary...