Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bcc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5399
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote malicious users to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority...
Ibm Lotus Notes 6.0
Ibm Lotus Notes 6.5
Ibm Lotus Notes 7.0.3
Autonomy Keyview 10.3.0.0
Ibm Lotus Notes 7.0
Ibm Lotus Notes 7.0.2
NA
CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote malicious users to inject arbitrary web script via the input values.
Rubyonrails Rails 1.1.5
1 EDB exploit
NA
CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Simple Machines Simple Machines Forum 1.1 Rc3
1 EDB exploit
NA
CVE-2006-3778
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail ...
Ibm Lotus Notes 6.0
Ibm Lotus Notes 6.5
Ibm Lotus Notes 7.0
NA
CVE-2004-2137
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote malicious users to obtain sensitive informat...
Microsoft Outlook Express 6.0
NA
CVE-2002-1575
cgiemail allows remote malicious users to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Mit Cgiemail 1.6
NA
CVE-2002-1771
Matt Wright FormMail 1.9 and previous versions allows remote malicious users to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
Matt Wright Formmail 1.3
Matt Wright Formmail 1.4
Matt Wright Formmail 1.0
Matt Wright Formmail 1.7
Matt Wright Formmail 1.8
Matt Wright Formmail 1.1
Matt Wright Formmail 1.2
Matt Wright Formmail 1.9
Matt Wright Formmail 1.5
Matt Wright Formmail 1.6
NA
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote malicious users to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Geeklog Geeklog 1.35
Geeklog Geeklog 1.3.5 Sr1
NA
CVE-2000-0524
Microsoft Outlook and Outlook Express allow remote malicious users to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
Microsoft Exchange Server 4.0
Microsoft Exchange Server 5.0
Microsoft Outlook 97
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2