Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bcc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2314
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
5.4
CVSSv3
CVE-2022-29976
An Authenticated Reflected Cross-site scripting at BCC Parameter exists in MDaemon prior to 22.0.0 .
Altn Mdaemon
4.3
CVSSv3
CVE-2020-1775
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.
Otrs Otrs
NA
CVE-2000-0524
Microsoft Outlook and Outlook Express allow remote malicious users to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
Microsoft Exchange Server 4.0
Microsoft Exchange Server 5.0
Microsoft Outlook 97
NA
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
NA
CVE-2002-1771
Matt Wright FormMail 1.9 and previous versions allows remote malicious users to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
Matt Wright Formmail 1.3
Matt Wright Formmail 1.4
Matt Wright Formmail 1.0
Matt Wright Formmail 1.7
Matt Wright Formmail 1.8
Matt Wright Formmail 1.1
Matt Wright Formmail 1.2
Matt Wright Formmail 1.9
Matt Wright Formmail 1.5
Matt Wright Formmail 1.6
NA
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote malicious users to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Geeklog Geeklog 1.35
Geeklog Geeklog 1.3.5 Sr1
6.5
CVSSv3
CVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
Otrs Otrs
NA
CVE-2008-7281
Open Ticket Request System (OTRS) prior to 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote malicious users to obtain potentially sensitive e-mail address information by reading this field.
Otrs Otrs 2.1.4
Otrs Otrs 2.1.6
Otrs Otrs 2.0.2
Otrs Otrs 2.0.3
Otrs Otrs 0.5
Otrs Otrs 1.0
Otrs Otrs 1.1.1
Otrs Otrs 2.0.0
Otrs Otrs 1.1.2
Otrs Otrs 1.2.0
Otrs Otrs 1.3.0
Otrs Otrs 2.2.0
Otrs Otrs 2.2.3
Otrs Otrs 2.2.5
Otrs Otrs 2.1.0
Otrs Otrs 2.1.9
Otrs Otrs 2.1.2
Otrs Otrs 2.1.1
Otrs Otrs 2.0.4
Otrs Otrs 1.0.0
Otrs Otrs 1.3.1
Otrs Otrs 2.0.5
NA
CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Simple Machines Simple Machines Forum 1.1 Rc3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »