Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 6:8 p.m.9 views

CVE-1999-0353

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory...

9.3CVSS7AI score0.02415EPSS
Exploits0References1
OSV
OSV
added 2023/11/22 6:15 p.m.5 views

CVE-2023-47251

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers with access to a VNC session to automatically transfer malicious PDF documents by moving them into the .spool directory, and then...

6.5CVSS5.8AI score0.0173EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.3 views

m-privacy TightGate-Pro Server Security Vulnerability

The m-privacy TightGate-Pro Server is a remote control browser system from the German company m-privacy. A security vulnerability exists in m-privacy TightGate-Pro Server versions prior to 2.0.406g, which originated from a vulnerability that allows an authenticated attacker to automatically...

6.5CVSS6.5AI score0.0173EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.4 views

SUSE CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spooldirectory directive...

7.8CVSS9.2AI score0.17794EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.9AI score0.00538EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.1 views

SUSE CVE-2020-28008

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...

7.8CVSS8AI score0.00407EPSS
Exploits3References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.4 views

SUSE CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS8.5AI score0.09285EPSS
Exploits1References6
OSV
OSV
added 2023/01/26 9:15 p.m.5 views

UBUNTU-CVE-2020-36657

uptimed before 0.4.6-r1 on Gentoo allows local users with access to the uptimed user account to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call...

7.8CVSS7.1AI score0.0041EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.3 views

PT-2023-11825 · Uptime · Uptimed

Name of the Vulnerable Software and Affected Versions: uptimed versions prior to 0.4.6-r1 Description: The issue allows local users with access to the uptimed user account to gain root privileges. This is achieved by creating a hard link within the /var/spool/uptimed directory, taking advantage o...

7.8CVSS6.9AI score0.0041EPSS
Exploits1References9
Openbugbounty
Openbugbounty
added 2022/05/11 3:37 p.m.8 views

spool-manufacturer.com Cross Site Scripting vulnerability OBB-2615473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
BDU FSTEC
BDU FSTEC
added 2021/06/02 12:0 a.m.7 views

The vulnerability of the spool_read_header() function in the Exim message transport agent allows attackers to bypass security restrictions due to insufficient input validation.

The vulnerability of the spoolreadheader function in the Exim mail agent is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent security restrictions remotely...

9.3CVSS7.3AI score0.09285EPSS
Exploits1References16Affected Software6
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/20 12:0 a.m.83 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0753-1 Rating: critical References: 1079832 1136587 1142207 1154183 1160726 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-10149...

10CVSS8AI score0.99961EPSS
Exploits59References9
OpenVAS
OpenVAS
added 2021/05/08 12:0 a.m.29 views

openSUSE: Security Advisory for exim (openSUSE-SU-2021:0677-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS8.4AI score0.99961EPSS
Exploits58References4
OSV
OSV
added 2021/05/06 1:15 p.m.1 views

DEBIAN-CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS8.2AI score0.09285EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.0 views

DEBIAN-CVE-2020-28008

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...

7.8CVSS7.7AI score0.00407EPSS
Exploits3References1
NVD
NVD
added 2021/05/06 1:15 p.m.15 views

CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS0.09285EPSS
Exploits1References1
Prion
Prion
added 2021/05/06 1:15 p.m.44 views

Command injection

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS9.3AI score0.0406EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2021/05/06 4:41 a.m.71 views

CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS8.4AI score0.09285EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2021/05/06 4:16 a.m.55 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS8.1AI score0.0406EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2021/05/06 4:16 a.m.40 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS8.3AI score0.0406EPSS
Exploits1
Rows per page
Query Builder