Lucene search
K
Matt WrightFormmail

8 matches found

CVE
CVE
added 1999/09/29 4:0 a.m.68 views

CVE-1999-0173

CVE-1999-0173 relates to the FormMail CGI program, with multiple sources confirming that it can be used by web servers other than the host where it resides. The connected documentation identifies the affected component as FormMail CGI, but does not provide a detailed root cause or a confirmed fix...

5CVSS7.4AI score0.0483EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.60 views

CVE-1999-0172

The CVE-1999-0172 entry corresponds to the FormMail CGI (formmail.pl) vulnerability. Public docs describe a well-known security flaw in the FormMail CGI that lets remote attackers execute arbitrary commands on the server with the privileges of the HTTP daemon (often root or nobody). Affected comp...

7.5CVSS7AI score0.03291EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.53 views

CVE-2000-0411

CVE-2000-0411 concerns Matt Wright’s FormMail CGI script. The vulnerability allows remote attackers to obtain environmental variables via the env_report parameter, potentially exposing sensitive system information. Connected PT-2000-1353 notes affected versions are not specified and provides no f...

5CVSS7AI score0.0736EPSS
CVE
CVE
added 2009/05/22 8:0 p.m.53 views

CVE-2009-1776

CVE-2009-1776 affects Matt Wright FormMail’s FormMail.pl (FormMail 1.92 and possibly earlier). The vulnerability allows cross-site scripting via javascript: URIs in the (1) request and (2) return_link_url parameters, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. ...

4.3CVSS6AI score0.01462EPSS
CVE
CVE
added 2001/07/27 4:0 a.m.52 views

CVE-2001-0357

FormMail vulnerability CVE-2001-0357 affects FormMail.pl (FormMail) 1.6 and earlier. An attacker can remotely modify recipient and message parameters to send anonymous email, effectively enabling spam through the vulnerable script. Connected OpenVAS data identifies affected versions (All versions...

7.5CVSS6.5AI score0.01351EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.51 views

CVE-2002-2109

CVE-2002-2109 affects Matt Wright FormMail 1.9 and earlier. The vulnerability allows remote attackers to bypass the HTTP_REFERER check and perform unauthorized activities by exploiting: (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3)...

7.5CVSS7.1AI score0.02686EPSS
CVE
CVE
added 2009/05/22 8:0 p.m.50 views

CVE-2009-1777

CVE-2009-1777 : CRLF injection vulnerability in Matt Wright FormMail 1.92 (and possibly earlier) allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the redirect parameter. The vulnerability arises from insufficient input sanitization in FormMail.pl, e...

5CVSS7.3AI score0.01972EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.45 views

CVE-2002-1771

FormMail 1.9 and earlier contains a newline-injection flaw in the email/realname CGI variables that allows remote attackers to inject CC/BCC/TO fields, enabling spam or anonymous email. Affected component is the FormMail mailing script; impact is remote abuse without authentication. The provided ...

5CVSS7.1AI score0.01351EPSS