374 matches found
SMTP Smuggling
Apache James is vulnerable to SMTP Smuggling. The vulnerability is due to the lenient behavior in line delimiter handling which creates a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypas...
GHSA-P5Q9-86W4-2XR5 SMTP smuggling in Apache James
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
SMTP smuggling in Apache James
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
CVE-2023-51747
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
Design/Logic Flaw
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
CVE-2023-51747 SMTP smuggling in Apache James
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...
Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-2 advisory. USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and...
SMTP Smuggling
sendmail is vulnerable to SMTP Smuggling. The vulnerability is due to injecting email messages with a spoofed MAIL FROM address using sendmail supports . sequence which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 - POC Usage: python CVE-2024-21413.py -...
Amazon Linux AMI : postfix (ALAS-2024-1914)
The version of postfix installed on the remote host is prior to 2.6.6-2.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1914 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...
Important: postfix
Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix update (USN-6591-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-2 advisory. USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last...
Slackware Linux 15.0 / current sendmail Vulnerability (SSA:2024-031-01)
The version of sendmail installed on the remote host is prior to 8.18.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-031-01 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation...
[SECURITY] [DLA 3725-1] postfix security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3725-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 30, 2024 https://wiki.debian.org/LTS -...
Debian dla-3725 : postfix - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3725 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3725-1 [email protected] https://www.debian.org/lts/security/...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...
USN-6611-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Exim vulnerability (USN-6611-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6611-1 advisory. It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published...
Amazon Linux AMI : exim (ALAS-2024-1908)
The version of exim installed on the remote host is prior to 4.92-1.40. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1908 advisory. Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...