Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache spamassassin vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Georg Greve Spamassassin Milter Plugin 0.3.1
1 EDB exploit
890
VMScore
CVE-2020-1946
In Apache SpamAssassin prior to 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use...
Apache Spamassassin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
828
VMScore
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios inclu...
Apache Spamassassin
828
VMScore
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Th...
Apache Spamassassin
668
VMScore
CVE-2018-11780
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin prior to 3.4.2.
Apache Spamassassin
Pdfinfo Project Pdfinfo -
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
642
VMScore
CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpa...
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Perl Perl 5.003 92
Perl Perl 5.21.1
Perl Perl 5.9.3
Perl Perl 5.14.1
Perl Perl 5.8.0
Perl Perl 5.003 97
Perl Perl 5.6.0
Perl Perl 5.17.11
Perl Perl 5.24.1
Perl Perl 5.16.0
Perl Perl 5.19.6
Perl Perl 5.22.3
Perl Perl 5.17.4
Perl Perl 5.003 03
Perl Perl 5.18.4
Perl Perl 5.18.2
Perl Perl 5.8.4
Perl Perl 5.15.6
Perl Perl 5.004 04
4 Github repositories
641
VMScore
CVE-2018-11805
In Apache SpamAssassin prior to 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update chan...
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
520
VMScore
CVE-2006-2447
SpamAssassin prior to 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote malicious users to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Apache Spamassassin 3.1.2
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.1
2 EDB exploits
445
VMScore
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
445
VMScore
CVE-2005-3351
SpamAssassin 3.0.4 allows malicious users to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
Apache Spamassassin 3.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »