Searching send mail software vulnerabilities

SMTP server in SLmail 3.1 and earlier allows re

attackers | arguments | malformed | commands | service | earlier | denial | server | allows | remote | SLmail | begin | whose | cause | SMTP | via |

SMTP server in SLmail 3.1 and earlier allows remote attackers to cause a denial of service via malformed commands whose arguments begin with a "(" (parenthesis) character, such as (1) SEND, (2) VRFY, (3) EXPN, (4) MAIL FROM, (5) RCPT TO.


register.cgi in Ikonboard 2.1.7b and earlier al

registercgi | references | overwrites | attackers | Ikonboard | arbitrary | SEND_MAIL | parameter | executed | variable | internal | commands | execute | program | earlier | allows | remote | which | 217b | via |

register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed.


mailto.exe in Brian Dorricott MAILTO 1.0.9 and

Dorricott | mailtoexe | MAILTO | Brian |

mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.


CGIscript.net csMailto.cgi program allows remot

CGIscriptnet | csMailtocgi | arbitrary | attackers | csMailto | modified | program | proxy" | allows | remote | users | "spam | send | mail | use | via |

CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.


Alt-N Technologies MDaemon 5.0.5.0 and earlier

Technologies | MDaemon | Alt-N |

Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.


Matt Wright FormMail 1.9 and earlier allows rem

attackers | character | anonymous | injecting | followed | FormMail | earlier | newline | e-mail | Wright | allows | remote | Matt | send | spam |

Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.


CRLF injection vulnerability in the "User Profi

vulnerability | injection | "User | CRLF |

CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.


Sendmail before 8.12.3 on Debian GNU/Linux, whe

Sendmail | before |

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.


iCal before 1.5.4 on Mac OS X 10.2.3, and other

before | iCal |

iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.


Postfix server for Apple Mac OS X 10.3.6, when

Postfix | server | Apple | Mac |

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.


Multiple buffer overflows in MDaemon 6.5.1 allo

overflows | Multiple | MDaemon | buffer |

Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.


Barracuda Spam Firewall 3.1.10 and earlier does

Barracuda | Firewall | Spam |

Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.


CRLF injection vulnerability in bizmail.cgi in

vulnerability | bizmailcgi | attackers | sequences | parameter | injection | headers | bypass | e-mail | remote | forged | before | allows | check | email | Mail | Form | CRLF | spam | send | via | Biz |

CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.


eGroupWare 1.0.6 and earlier, when an e-mail is

eGroupWare |

eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.


The (1) lost password and (2) account pending f


The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).


CRLF injection vulnerability in the mb_send_mai

vulnerability | mb_send_mail | injection | function | before | CRLF | PHP |

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.


CRLF injection vulnerability in (1) include/inc

vulnerability | injection | CRLF |

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).


Unspecified vulnerability in MailDwarf 3.01 and

vulnerability | Unspecified | MailDwarf |

Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.


admin/send_mod.php in Gregory Kokanosky phpMyNe

admin/send_modphp | phpMyNewsletter | administrative | credentials | Kokanosky | attackers | Location | subject | compose | message | missing | request | earlier | Gregory | list_id | fields; | admin/ | format | direct | e-mail | header | prints | remote | allows | MsgId | value | which | beta5 | under | send | post | exit | does | via | but | not |

admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.


Webbler CMS before 3.1.6 does not properly rest

Webbler | before | CMS |

Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.


Software vulnerabilities results 1 to 20 of 689     
Page: 12345...35