mail on update project mail on update vulnerabilities and exploits

(subscribe to this query)

NA

Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin prior to 5.2.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mail...

Mail On Update Project Mail On Update Mail On Update Project Mail On Update 5.0.0

1 EDB exploit

9.1

CVSSv3

webhooks/base.py in Anymail (aka django-anymail) prior to 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote malicious users to post arbitrary e-mail tracking events.

Django-anymail Project Django-anymail Debian Debian Linux 9.0

9.8

CVSSv3

The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...

Phpmailer Project Phpmailer Wordpress Wordpress Joomla Joomla\\!

3 EDB exploits89 Github repositories

7.5

CVSSv3

An issue exists in ytnef prior to 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.

Ytnef Project Ytnef Debian Debian Linux 8.0 Debian Debian Linux 9.0

9.8

CVSSv3

The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Phpmailer Project Phpmailer Wordpress Wordpress Joomla Joomla\\!

9 EDB exploits118 Github repositories

9.8

CVSSv3

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin prior to 3.4.2.

Apache Spamassassin Pdfinfo Project Pdfinfo -Debian Debian Linux 8.0 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 18.04

9.8

CVSSv3

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

Qmail Project Qmail -Canonical Ubuntu Linux 20.04 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0

1 Github repository

NA

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x prior to 2.4.12 allows remote malicious users to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Cyrus Imapd

NA

RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.

Fedoraproject Fedora 22 Fedoraproject Fedora 21 Bestpractical Request Tracker 4.2.9 Bestpractical Request Tracker 4.2.1 Bestpractical Request Tracker 4.2.2 Bestpractical Request Tracker 4.2.3 Bestpractical Request Tracker 4.2.4 Bestpractical Request Tracker Bestpractical Request Tracker 4.2.6 Bestpractical Request Tracker 4.2.8 Bestpractical Request Tracker 4.2.0 Bestpractical Request Tracker 4.2.5 Bestpractical Request Tracker 4.2.7

NA

The email gateway in RT (aka Request Tracker) 3.0.0 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to cause a denial of service (CPU and disk consumption) via a crafted email.

Get Started

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook