Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bcc vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Simple Machines Simple Machines Forum 1.1 Rc3
1 EDB exploit
445
VMScore
CVE-2004-2137
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote malicious users to obtain sensitive informat...
Microsoft Outlook Express 6.0
383
VMScore
CVE-2009-4352
Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and previous versions, and possibly other versions prior to 2003.0139.0939, allow remote malicious users to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc...
Transware Active Mail 2003
445
VMScore
CVE-2006-3778
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail ...
Ibm Lotus Notes 6.0
Ibm Lotus Notes 6.5
Ibm Lotus Notes 7.0
828
VMScore
CVE-2007-5399
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote malicious users to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority...
Ibm Lotus Notes 6.0
Ibm Lotus Notes 6.5
Ibm Lotus Notes 7.0.3
Autonomy Keyview 10.3.0.0
Ibm Lotus Notes 7.0
Ibm Lotus Notes 7.0.2
445
VMScore
CVE-2002-1575
cgiemail allows remote malicious users to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Mit Cgiemail 1.6
NA
CVE-2022-46168
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Mos...
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
NA
CVE-2021-47128
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SE...
435
VMScore
CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote malicious users to inject arbitrary web script via the input values.
Rubyonrails Rails 1.1.5
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2