Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendmail sendmail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-1004
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none
1 EDB exploit
NA
CVE-2016-1003
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descri...
1 EDB exploit
7.5
CVSSv2
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
116 Github repositories
7.5
CVSSv2
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
3 Github repositories
6
CVSSv2
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
1 Github repository
4.3
CVSSv2
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin prior to 14.11 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text param...
Wpsymposiumpro Wp Symposium
1.9
CVSSv2
CVE-2014-3956
The sm_close_on_exec function in conf.c in sendmail prior to 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Freebsd Freebsd
Hp Hpux
Fedoraproject Fedora 20
Sendmail Sendmail 8.7.7
Sendmail Sendmail 8.7.8
Sendmail Sendmail 8.10
Sendmail Sendmail 8.10.0
Sendmail Sendmail 8.10.1
Sendmail Sendmail 8.7.9
Sendmail Sendmail 8.8.8
Sendmail Sendmail 8.10.2
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.5
Sendmail Sendmail 8.11.6
Sendmail Sendmail 8.12.3
Sendmail Sendmail 8.12.4
Sendmail Sendmail 8.14.7
Sendmail Sendmail 8.14.6
Sendmail Sendmail 8.14.5
Sendmail Sendmail 8.13.7
Sendmail Sendmail 8.13.6
Sendmail Sendmail 8.11.7
6.8
CVSSv2
CVE-2013-3729
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS prior to 2 r1232 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail ...
Kasseler-cms Kasseler-cms
1 EDB exploit
7.5
CVSSv2
CVE-2012-2140
The Mail gem prior to 2.4.3 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
Rubygems Mail Gem
Rubygems Mail Gem 2.3.3
Rubygems Mail Gem 2.3.2
7.2
CVSSv2
CVE-2012-2200
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
Ibm Aix 6.1
Ibm Aix 7.1
Ibm Vios 2.2.1.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »