8 matches found
CVE-1999-0173
CVE-1999-0173 relates to the FormMail CGI program, with multiple sources confirming that it can be used by web servers other than the host where it resides. The connected documentation identifies the affected component as FormMail CGI, but does not provide a detailed root cause or a confirmed fix...
CVE-1999-0172
The CVE-1999-0172 entry corresponds to the FormMail CGI (formmail.pl) vulnerability. Public docs describe a well-known security flaw in the FormMail CGI that lets remote attackers execute arbitrary commands on the server with the privileges of the HTTP daemon (often root or nobody). Affected comp...
CVE-2000-0411
CVE-2000-0411 concerns Matt Wright’s FormMail CGI script. The vulnerability allows remote attackers to obtain environmental variables via the env_report parameter, potentially exposing sensitive system information. Connected PT-2000-1353 notes affected versions are not specified and provides no f...
CVE-2009-1776
CVE-2009-1776 affects Matt Wright FormMail’s FormMail.pl (FormMail 1.92 and possibly earlier). The vulnerability allows cross-site scripting via javascript: URIs in the (1) request and (2) return_link_url parameters, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. ...
CVE-2001-0357
FormMail vulnerability CVE-2001-0357 affects FormMail.pl (FormMail) 1.6 and earlier. An attacker can remotely modify recipient and message parameters to send anonymous email, effectively enabling spam through the vulnerable script. Connected OpenVAS data identifies affected versions (All versions...
CVE-2002-2109
CVE-2002-2109 affects Matt Wright FormMail 1.9 and earlier. The vulnerability allows remote attackers to bypass the HTTP_REFERER check and perform unauthorized activities by exploiting: (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3)...
CVE-2009-1777
CVE-2009-1777 : CRLF injection vulnerability in Matt Wright FormMail 1.92 (and possibly earlier) allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the redirect parameter. The vulnerability arises from insufficient input sanitization in FormMail.pl, e...
CVE-2002-1771
FormMail 1.9 and earlier contains a newline-injection flaw in the email/realname CGI variables that allows remote attackers to inject CC/BCC/TO fields, enabling spam or anonymous email. Affected component is the FormMail mailing script; impact is remote abuse without authentication. The provided ...