7 matches found
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
SMTP command injection
Net::SMTP is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Applications that validate email address format are not affected by this vulnerability. The injection attack is...
PHPmailer -- SMTP injection vulnerability
PHPMailer changelog reports: Fix vulnerability that allowed email addresses with line breaks valid in RFC5322 to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada...
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was...
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
Struts2 2.3.15 Open Redirect
CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-017...
Chrome For Android Download Function Information Disclosure
CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...