37 matches found
EUVD-2024-48177
Malicious code in bioql PyPI...
CVE-2024-7209
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender...
CVE-2024-7209 CVE-2024-7209
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender...
CVE-2024-7209 CVE-2024-7209
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender...
CVE-2024-7209
CVE-2024-7209 concerns a weakness in shared SPF records used by multi-tenant hosting providers, enabling attackers to spoof the sender identity via network-level access. The CVSS vector (Network, Low/Low privileges, No user interaction) indicates exploitable remotely if SPF trust is not enforced;...
PT-2024-38170 · Bird +1 · Fastmail +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identity o...
Check your DNS! Abandoned domains used to bypass spam checks
Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...
Spoofy - Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records. You may be asking, "Why do we need another tool that can check if a domain can be spoofed?" Well, Spoofy is different and here is why: 1. Authoritative lookups on all lookups with known fallback...
SUSE CVE-2021-33912
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPFrecordexpanddata in spfexpand.c...
no spoofing protection on email domain (No Valid SPF Records.)
What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...
libspf2 buffer overflow vulnerability (CNVD-2022-19088)
libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a...
ALPINE-CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPFrecordexpanddata in spfexpand.c. The amount of overflowed data depend...
Ruby: Bug Report : [ No Valid SPF Records ]
Hi Team, Hope you are doing well. I found vulnerability in your web app URL : https://www.ruby-lang.org/en/s Description : There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than...
UPchieve: No Valid SPF Records/don't have DMARC record
I have already reported this isssue through email and the company has accepted my report. Hiii, There is any issue No valid SPF Records on https://app.upchieve.org Desciprition : There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears t...
Sifchain: No Valid SPF Records/don't have DMARC record
Hiii, There is any issue No valid SPF Records on https://sifchain.finance/ Desciprition : There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing ...
O1 Labs: SPF Records
The vulnerability was that you can spoof their email address and then the attacker can send emails from their email address which could lead to sending fake emails or attempts of phishing. To see if you can send an email of a target domain you need to check if it has an SPF Sender Policy Framewor...
WHO COVID-19 Mobile App: DMARC and SPF records
If you are encountering this error of No DMARC Record found, this means that your domain does not have a published DMARC record. DMARC Records are published via DNS as a textTXT record. They will let receiving servers know what they should do with non-aligned email received from your domain...
Basecamp: DNS Setup allows sending mail on behalf of other customers
Sent on your behalf I knew basecamp themselves had used helpscout for support, so I was curious to see if hey was doing the same. A quick DNS lookup gave me the answer I was looking for: dig hey.com txt ; DiG 9.10.6 hey.com txt ;; global options: +cmd ;; Got answer: ;; -HEADER DiG 9.10.6...
Kubernetes: Fake email from <any_name>@kubernetes.io to any other email
Hi, I just found an issue No Valid SPF Records in your mail server @kubernetes.io Desciprition : There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email...
Kubernetes: There is any issue No valid SPF Records
There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an...