Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendmail sendmail vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
1 Github repository
516
VMScore
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
505
VMScore
CVE-2009-1490
Heap-based buffer overflow in Sendmail prior to 8.13.2 allows remote malicious users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
Sendmail Sendmail 2.6.2
Sendmail Sendmail 8.9.2
Sendmail Sendmail 8.12.11
Sendmail Sendmail 8.11.4
Sendmail Sendmail 8.8.8
Sendmail Sendmail 8.11.7
Sendmail Sendmail 2.6.1
Sendmail Sendmail 8.12
Sendmail Sendmail 5
Sendmail Sendmail 2.6
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.12.3
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.12.8
Sendmail Sendmail 8.6.7
Sendmail Sendmail 8.7.9
Sendmail Sendmail 5.59
Sendmail Sendmail 5.61
Sendmail Sendmail 8.12.9
Sendmail Sendmail 8.9.1
Sendmail Sendmail 3.0.1
1 EDB exploit
505
VMScore
CVE-1999-1109
Sendmail prior to 8.10.0 allows remote malicious users to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
Sendmail Sendmail
1 EDB exploit
505
VMScore
CVE-1999-0393
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
Eric Allman Sendmail 8.9.2
Eric Allman Sendmail 8.8
1 EDB exploit
480
VMScore
CVE-2001-0653
Sendmail 8.10.0 up to and including 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Sendmail Sendmail 8.11.4
Sendmail Sendmail 8.12
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.3
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.11.5
4 EDB exploits
465
VMScore
CVE-2002-1165
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows malicious users to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2)...
Sendmail Sendmail 8.12.3
Sendmail Sendmail 8.12.4
Sendmail Sendmail 8.12.1
Sendmail Sendmail 8.12.5
Sendmail Sendmail 8.12.0
Sendmail Sendmail 8.12.6
Sendmail Sendmail 8.12.2
Netbsd Netbsd 1.5.3
Netbsd Netbsd 1.6
Netbsd Netbsd 1.5
Netbsd Netbsd 1.5.1
Netbsd Netbsd 1.5.2
1 EDB exploit
446
VMScore
CVE-2020-28247
The lettre library up to and including 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
Lettre Lettre 0.10.0
Lettre Lettre 0.7.0
Lettre Lettre
445
VMScore
CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 up to and including 3.0.0 allows remote malicious users to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.9
445
VMScore
CVE-2006-4434
Use-after-free vulnerability in Sendmail prior to 8.13.8 allows remote malicious users to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of thi...
Sendmail Sendmail
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »