Lucene search
+L

12 matches found

Github Security Blog
Github Security Blog
added 2026/03/18 4:17 p.m.9 views

The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class

Description The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

8.8CVSS5.9AI score0.00215EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : rsyslog-5.8.10-2.AXS4 (AXSA:2012-586:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-586:02 advisory. Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine...

2.1CVSS5.8AI score0.0042EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.11 views

TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...

7.8CVSS7.7AI score0.00165EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/01/13 1:3 p.m.3 views

Deserialization of Untrusted Data

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to deserialization of files without any class restrictions. A local attacker can execute arbitrary PHP code by crafting a...

7.8CVSS7.5AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 11:54 a.m.2 views

CVE-2026-0859 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...

5.2CVSS7.2AI score0.00165EPSS
Exploits0References4
Prion
Prion
added 2021/05/06 1:15 p.m.45 views

Command injection

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS9.3AI score0.04139EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2021/05/06 4:16 a.m.57 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS8.1AI score0.04139EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2021/05/06 4:16 a.m.41 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS8.3AI score0.04139EPSS
Exploits1
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.22 views

CentOS Update for rsyslog CESA-2012:0796 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

2.1CVSS5.2AI score0.0042EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/06/22 12:0 a.m.29 views

RedHat Update for rsyslog RHSA-2012:0796-04

Check for the Version of rsyslog OpenVAS Vulnerability Test RedHat Update for rsyslog RHSA-2012:0796-04 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

2.1CVSS6.4AI score0.0042EPSS
Exploits0References2
CERT
CERT
added 2003/10/27 12:0 a.m.38 views

Linux groff utility pic contains format string vulnerability

Overview The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code. Description groff is an image processing package on Linux systems. A component of groff called pic contains a format-string...

7.5CVSS6.9AI score0.11438EPSS
Exploits1References1
NVD
NVD
added 2003/03/03 5:0 a.m.20 views

CVE-2002-1509

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group mode 660, which allows other users in the same group to read or modify the new user's incoming email...

3.6CVSS6.5AI score0.00373EPSS
Exploits0References4
Rows per page
Query Builder