mail on update project mail on update vulnerabilities and exploits
NA
CVE-2013-2107
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin prior to 5.2.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mail...
Mail On Update Project Mail On Update
Mail On Update Project Mail On Update 5.0.0
1 EDB exploit
9.1
CVSSv3
CVE-2018-6596
webhooks/base.py in Anymail (aka django-anymail) prior to 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote malicious users to post arbitrary e-mail tracking events.
Django-anymail Project Django-anymail
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
3 EDB exploits
89 Github repositories
7.5
CVSSv3
CVE-2017-6802
An issue exists in ytnef prior to 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
Ytnef Project Ytnef
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
9 EDB exploits
118 Github repositories
9.8
CVSSv3
CVE-2018-11780
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin prior to 3.4.2.
Apache Spamassassin
Pdfinfo Project Pdfinfo -
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2005-1513
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
Qmail Project Qmail -
Canonical Ubuntu Linux 20.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2011-3372
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x prior to 2.4.12 allows remote malicious users to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Cyrus Imapd
NA
CVE-2015-1464
RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.7
NA
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to cause a denial of service (CPU and disk consumption) via a crafted email.
Debian Debian Linux 7.0
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Bestpractical Request Tracker 3.8.16
Bestpractical Request Tracker 3.8.17
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.16
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 3.6.10
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.15
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.13