recipient software vulnerabilities
vulnerabilities.aspcode.net
Searching recipient software vulnerabilities
Seattle Labs Emurl 2.0, and possibly earlier ve
attachments
|
attachment
|
directory
|
scripting
|
recipient
|
malicious
|
specific
|
possibly
|
versions
|
enabled
|
execute
|
message
|
Seattle
|
earlier
|
allows
|
e-mail
|
stores
|
which
|
Emurl
|
opens
|
file
|
Labs
|
ASP
|
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
HAMcards Postcard CGI script 1.0 allows remote
metacharacters
|
attackers
|
arbitrary
|
recipient
|
Postcard
|
HAMcards
|
commands
|
address
|
execute
|
script
|
allows
|
remote
|
email
|
shell
|
CGI
|
via
|
HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
LakeWeb Mail List CGI script allows remote atta
metacharacters
|
arbitrary
|
attackers
|
recipient
|
commands
|
address
|
execute
|
LakeWeb
|
remote
|
script
|
allows
|
shell
|
email
|
Mail
|
List
|
CGI
|
via
|
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
A non-default configuration in TenFour TFS Gate
configuration
|
continuously
|
non-default
|
incorrect
|
recipient
|
addresses
|
messages
|
attacker
|
TenFour
|
Gateway
|
seconds
|
message
|
service
|
return
|
causes
|
allows
|
denial
|
sender
|
cause
|
every
|
which
|
via
|
TFS
|
try
|
A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.
The file transfer component of AOL Instant Mess
component
|
Messenger
|
transfer
|
Instant
|
file
|
AOL
|
The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.
McAfee WebShield SMTP 4.5 allows remote attacke
attackers
|
recipient
|
malformed
|
WebShield
|
service
|
denial
|
McAfee
|
allows
|
remote
|
field
|
cause
|
SMTP
|
via
|
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
FormMail.pl in FormMail 1.6 and earlier allows
FormMailpl
|
anonymous
|
attacker
|
FormMail
|
earlier
|
allows
|
remote
|
email
|
send
|
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
PGPMail.pl 1.31 allows remote attackers to exec
PGPMailpl
|
PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.
CardBoard 2.4 greeting card CGI by Michael Barr
metacharacters
|
attackers
|
arbitrary
|
recipient
|
CardBoard
|
greeting
|
commands
|
Barretto
|
execute
|
Michael
|
allows
|
remote
|
shell
|
field
|
card
|
CGI
|
via
|
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
A "potential buffer overflow in ruleset parsing
"potential
|
parsing"
|
Sendmail
|
overflow
|
ruleset
|
buffer
|
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
SQL injection vulnerability in SQLgrey Postfix
vulnerability
|
greylisting
|
injection
|
service
|
Postfix
|
SQLgrey
|
before
|
SQL
|
SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
Postfix 2.1.3, when /proc/net/if_inet6 is not a
Postfix
|
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
eGroupWare 1.0.6 and earlier, when an e-mail is
eGroupWare
|
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
CRLF injection vulnerability in mailback.pl in
vulnerability
|
mailbackpl
|
characters
|
addresses
|
including
|
attackers
|
recipient
|
injection
|
modifying
|
mailback
|
headers
|
Thauvin
|
Subject
|
newline
|
e-mail
|
remote
|
allows
|
proxy"
|
"spam
|
field
|
Erik
|
mail
|
CRLF
|
use
|
via
|
CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field.
The Microsoft Office Outlook Recipient ActiveX
Recipient
|
Microsoft
|
ActiveX
|
control
|
Outlook
|
Office
|
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
The SMTP service in MERCUR Messaging 2005 befor
Messaging
|
service
|
MERCUR
|
SMTP
|
The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Cross-site scripting (XSS) vulnerability in mem
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
formmail.php in Jetbox CMS 2.1 allows remote at
formmailphp
|
arbitrary
|
attackers
|
e-mails
|
remote
|
Jetbox
|
allows
|
send
|
CMS
|
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
clamav-milter in ClamAV before 0.91.2, when run
clamav-milter
|
before
|
ClamAV
|
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
Software vulnerabilities results 1 to 20 of 23
Page:
1
2
►