Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2021-33912
libspf2 prior to 1.2.11 has a four-byte heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_reco...
Libspf2 Project Libspf2
Debian Debian Linux 9.0
828
VMScore
CVE-2021-33913
libspf2 prior to 1.2.11 has a heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The a...
Libspf2 Project Libspf2
828
VMScore
CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote malicious users to cause a denial of servi...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
805
VMScore
CVE-2010-4345
Exim 4.72 and previous versions allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Exim Exim 2.11
Exim Exim 4.70
Exim Exim 4.69
Exim Exim 4.66
Exim Exim 4.10
Exim Exim 3.16
Exim Exim 3.21
Exim Exim 3.01
Exim Exim 3.31
Exim Exim 4.24
Exim Exim 3.33
Exim Exim 3.30
Exim Exim
Exim Exim 4.30
Exim Exim 4.21
Exim Exim 4.03
Exim Exim 4.51
Exim Exim 4.71
Exim Exim 4.67
Exim Exim 4.63
Exim Exim 4.00
Exim Exim 4.43
1 EDB exploit
2 Metasploit modules
2 Nmap scripts
801
VMScore
CVE-2020-28021
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
Exim Exim
801
VMScore
CVE-2019-19920
sa-exim 4.2.1 allows malicious users to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
Sa-exim Project Sa-exim 4.2.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
792
VMScore
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
3 EDB exploits
90 Github repositories
780
VMScore
CVE-2011-1764
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim prior to 4.76 might allow remote malicious users to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstra...
Exim Exim 4.50
Exim Exim 4.44
Exim Exim 4.63
Exim Exim 4.62
Exim Exim 4.61
Exim Exim 4.21
Exim Exim 4.22
Exim Exim 4.41
Exim Exim 4.40
Exim Exim 4.03
Exim Exim 4.02
Exim Exim 3.32
Exim Exim 3.31
Exim Exim 3.14
Exim Exim 3.13
Exim Exim 2.12
Exim Exim 2.11
Exim Exim 4.74
Exim Exim
Exim Exim 4.51
Exim Exim 4.30
Exim Exim 4.64
2 Nmap scripts
1 Github repository
766
VMScore
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
3 Github repositories
766
VMScore
CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the ...
Swiftmailer Swiftmailer
3 EDB exploits
3 Github repositories
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »