Lucene search
K

558 matches found

Vulnrichment
Vulnrichment
added 2024/09/11 2:45 p.m.14 views

CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...

6CVSS5.1AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2024/09/11 2:45 p.m.66 views

CVE-2024-4465

CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...

6CVSS5.1AI score0.00221EPSS
Exploits0References1Affected Software2
NOZOMI
NOZOMI
added 2024/09/11 12:0 a.m.7 views

Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

Summary An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. Impact If a logged-in user with reporting privileges learns how to create a specific application request, they might be...

6CVSS5.9AI score0.00221EPSS
Exploits0Affected Software2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.573 views

SMTP Open Relay Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/29 1:19 p.m.31 views

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others. "These emails...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2024/07/23 12:0 a.m.11 views

HP Printer Information Disclosure Vulnerability (HPSBPI03941)

Multiple HP printers are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

6.8CVSS6.8AI score0.00402EPSS
Exploits0References1
NVD
NVD
added 2024/05/23 5:15 p.m.21 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.8CVSS6.6AI score0.00402EPSS
Exploits0References1
CVE
CVE
added 2024/05/23 4:58 p.m.2456 views

CVE-2024-5143

The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...

6.8CVSS6.8AI score0.00402EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/23 4:58 p.m.35 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.6AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:15 a.m.5 views

CVE-2023-44427

D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

8CVSS6.2AI score0.01114EPSS
Exploits0References1
Redos
Redos
added 2024/04/08 12:0 a.m.29 views

ROS-20240408-16

A vulnerability in SendMail SMTP Server software is related to insufficient data authentication data. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address. security mechanism and inject e-mail...

5.3CVSS6.9AI score0.01073EPSS
Exploits2
Cvelist
Cvelist
added 2024/03/19 12:0 a.m.31 views

CVE-2024-28092

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...

5.8AI score0.00534EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 8:15 p.m.31 views

CVE-2024-28186

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

7.1CVSS6.9AI score0.00554EPSS
Exploits1References2
Prion
Prion
added 2024/03/12 8:15 p.m.50 views

Design/Logic Flaw

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

5.5CVSS6.9AI score0.00554EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/12 7:36 p.m.13 views

CVE-2024-28186 SMTP Mail Credentials Disclosed in Error Log in freescout

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

7.1CVSS6.6AI score0.00554EPSS
Exploits1References2
OSV
OSV
added 2024/03/12 7:36 p.m.26 views

CVE-2024-28186 SMTP Mail Credentials Disclosed in Error Log in freescout

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

7.1CVSS6.9AI score0.00554EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/03/11 9:18 p.m.21 views

CVE-2024-27938 SMTP Smuggling in Postal

Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...

5.3CVSS5.5AI score0.00664EPSS
Exploits1References4
CVE
CVE
added 2024/03/11 9:18 p.m.93 views

CVE-2024-27938

CVE-2024-27938 concerns Postal, an open source SMTP server. The vulnerability affects Postal versions older than 3.0.0 and enables SMTP Smuggling, potentially allowing an incoming email to be spoofed as if sent from a server the recipient user authorized. The impact is limited to inbound mail flo...

5.3CVSS5.2AI score0.00664EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/03/06 10:53 a.m.21 views

BIT-GRAFANA-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

6.4CVSS5.3AI score0.01027EPSS
Exploits1References4
NVD
NVD
added 2024/01/17 7:15 a.m.15 views

CVE-2023-51726

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

6.9CVSS6.4AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder