Lucene search
K

374 matches found

Veracode
Veracode
added 2024/02/28 12:16 p.m.19 views

SMTP Smuggling

Apache James is vulnerable to SMTP Smuggling. The vulnerability is due to the lenient behavior in line delimiter handling which creates a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypas...

7.1CVSS7AI score0.01045EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/27 3:30 p.m.13 views

GHSA-P5Q9-86W4-2XR5 SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.8AI score0.01045EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/02/27 3:30 p.m.30 views

SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS7AI score0.01045EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2024/02/27 2:15 p.m.56 views

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.3AI score0.01045EPSS
Exploits0References4
Prion
Prion
added 2024/02/27 2:15 p.m.31 views

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7AI score0.01045EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/27 1:8 p.m.17 views

CVE-2023-51747 SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

6.8AI score0.01045EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/02/26 2:10 p.m.47 views

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/21 12:0 a.m.45 views

Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-2 advisory. USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and...

9.8CVSS7.6AI score0.09643EPSS
Exploits2References3
Veracode
Veracode
added 2024/02/19 2:4 a.m.31 views

SMTP Smuggling

sendmail is vulnerable to SMTP Smuggling. The vulnerability is due to injecting email messages with a spoofed MAIL FROM address using sendmail supports . sequence which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...

5.3CVSS6.6AI score0.01073EPSS
Exploits2References18Affected Software1
GithubExploit
GithubExploit
added 2024/02/16 9:10 p.m.233 views

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 - POC Usage: python CVE-2024-21413.py -...

9.8CVSS9.5AI score0.9466EPSS
Exploits30
Tenable Nessus
Tenable Nessus
added 2024/02/06 12:0 a.m.33 views

Amazon Linux AMI : postfix (ALAS-2024-1914)

The version of postfix installed on the remote host is prior to 2.6.6-2.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1914 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...

5.3CVSS5.8AI score0.02598EPSS
Exploits4References4
Amazon
Amazon
added 2024/02/05 12:0 a.m.28 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS5.6AI score0.02598EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/01/31 12:0 a.m.35 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix update (USN-6591-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-2 advisory. USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last...

5.3CVSS5.6AI score0.02598EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/01/31 12:0 a.m.30 views

Slackware Linux 15.0 / current sendmail Vulnerability (SSA:2024-031-01)

The version of sendmail installed on the remote host is prior to 8.18.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-031-01 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation...

5.3CVSS5.7AI score0.01073EPSS
Exploits2References2
Debian
Debian
added 2024/01/30 12:49 p.m.24 views

[SECURITY] [DLA 3725-1] postfix security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3725-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 30, 2024 https://wiki.debian.org/LTS -...

5.3CVSS5.1AI score0.02598EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/01/30 12:0 a.m.70 views

Debian dla-3725 : postfix - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3725 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3725-1 [email protected] https://www.debian.org/lts/security/...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References4
GithubExploit
GithubExploit
added 2024/01/29 5:8 p.m.513 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...

6.5CVSS6.8AI score0.17559EPSS
Exploits1
Ubuntu
Ubuntu
added 2024/01/29 10:52 a.m.42 views

USN-6611-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

5.3CVSS7.4AI score0.01072EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/01/29 12:0 a.m.58 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Exim vulnerability (USN-6611-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6611-1 advisory. It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published...

5.3CVSS7.3AI score0.01072EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.31 views

Amazon Linux AMI : exim (ALAS-2024-1908)

The version of exim installed on the remote host is prior to 4.92-1.40. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1908 advisory. Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...

5.3CVSS7.3AI score0.01072EPSS
Exploits1References4
Rows per page
Query Builder