558 matches found
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...
CVE-2024-4465
CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...
Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
Summary An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. Impact If a logged-in user with reporting privileges learns how to create a specific application request, they might be...
SMTP Open Relay Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...
Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails
An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others. "These emails...
HP Printer Information Disclosure Vulnerability (HPSBPI03941)
Multiple HP printers are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2024-5143
The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2023-44427
D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
ROS-20240408-16
A vulnerability in SendMail SMTP Server software is related to insufficient data authentication data. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address. security mechanism and inject e-mail...
CVE-2024-28092
UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...
CVE-2024-28186
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
Design/Logic Flaw
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
CVE-2024-28186 SMTP Mail Credentials Disclosed in Error Log in freescout
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
CVE-2024-28186 SMTP Mail Credentials Disclosed in Error Log in freescout
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
CVE-2024-27938 SMTP Smuggling in Postal
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...
CVE-2024-27938
CVE-2024-27938 concerns Postal, an open source SMTP server. The vulnerability affects Postal versions older than 3.0.0 and enables SMTP Smuggling, potentially allowing an incoming email to be spoofed as if sent from a server the recipient user authorized. The impact is limited to inbound mail flo...
BIT-GRAFANA-2023-2183
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...
CVE-2023-51726
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...