Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
email-address project email-address vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12558
The parse() method in the Email::Address module up to and including 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f"...
Email Address Module Project
5
CVSSv2
CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer prior to 5.2.14 allow malicious users to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Phpmailer Project Phpmailer
5
CVSSv2
CVE-2014-4720
Email::Address module prior to 1.904 for Perl uses an inefficient regular expression, which allows remote malicious users to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.
Email Address Module Project
5
CVSSv2
CVE-2014-0477
The parse function in Email::Address module prior to 1.905 for Perl uses an inefficient regular expression, which allows remote malicious users to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.
Email Address Module Project
Fedoraproject Fedora
4.6
CVSSv2
CVE-2022-26779
Apache CloudStack before 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, c...
Apache Cloudstack
4.3
CVSSv2
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin up to and including 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Peter's Collaboration E-mails Project Peter's Collaboration E-mails
4.3
CVSSv2
CVE-2019-13240
An issue exists in GLPI prior to 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
Glpi-project Glpi
4.3
CVSSv2
CVE-2019-8338
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and previous versions, does not verify the status of the signature at all, which allows remote malicious users to spoof arbitrary email signatures by crafting a signed email with an invalid signatu...
Gpg-pgp Project Gpg-pgp
4.3
CVSSv2
CVE-2018-19924
An issue exists in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
Sales & Company Management System Project Sales & Company Management System
4.3
CVSSv2
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Mistune Project Mistune 0.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »