Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendmail vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2001-0713
Sendmail prior to 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1...
Sendmail Sendmail
4.6
CVSSv2
CVE-2001-0653
Sendmail 8.10.0 up to and including 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Sendmail Sendmail 8.12
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.11.4
Sendmail Sendmail 8.11.5
4 EDB exploits
4.6
CVSSv2
CVE-2001-0588
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local malicious user to gain additional privileges via a buffer overflow in the first argument to the command.
Sco Openserver 5.0.6
4.6
CVSSv2
CVE-1999-0129
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Eric Allman Sendmail 8.8.2
Eric Allman Sendmail 8.8.1
Eric Allman Sendmail 8.8.3
Eric Allman Sendmail 8.8
Sco Openserver 5.0
Sun Sunos 5.3
Sun Sunos 4.1.4
Hp Hp-ux 10.01
Sun Solaris 2.4
Hp Hp-ux 10.00
Sun Solaris 2.5.1
Sun Solaris 2.5
Ibm Aix 4.2
Sco Openserver 5.0.2
Sco Internet Faststart 1.0
Sun Sunos 5.5
Sco Internet Faststart 1.1
Bsdi Bsd Os 2.1
Hp Hp-ux 10.16
Ibm Aix 3.2
Sun Sunos 4.1.3u1
Freebsd Freebsd 2.1.6
4.3
CVSSv2
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an malicious user to steal environment variables via specially crafted email addresses.
Gitlab Gitlab
4.3
CVSSv2
CVE-2018-14512
An XSS vulnerability exists in WUZHI CMS 4.1.0. There is persistent XSS that allows remote malicious users to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "syste...
Wuzhicms Wuzhi Cms 4.1.0
4.3
CVSSv2
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin prior to 14.11 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text param...
Wpsymposiumpro Wp Symposium
4.3
CVSSv2
CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and previous versions does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote malicious users to spoof messages.
Sendmail Sendmail 8.13.1.2
4
CVSSv2
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Analogic Poste.io 2.1.6
3.7
CVSSv2
CVE-2001-1349
Sendmail prior to 8.11.4, and 8.12.0 prior to 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
Sendmail Sendmail 8.10.1
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.12
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.10
Sendmail Sendmail 8.10.2
Sendmail Sendmail 8.11.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »