2 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. cgiemail permite a atacantes remotos usar cgiemail como un proxy de spam mediante una inyección CRLF (caractéres de retorno de carro y nueva línea) de carácteres de nueva línea codificados (%0a) en parámetros como "required subject", lo que puede hacer que se modifiquen parámetros CC, BCC y otros campos de cabecera en el correo electrónico generado. • http://marc.info/?l=bugtraq&m=102406554627053&w=2 http://marc.info/?l=bugtraq&m=106520691705768&w=2 http://www.debian.org/security/2004/dsa-437 http://www.securityfocus.com/bid/5013 https://exchange.xforce.ibmcloud.com/vulnerabilities/9361 •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 4

Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. • https://www.exploit-db.com/exploits/21998 http://securitytracker.com/id?1002395 http://www.kb.cert.org/vuls/id/185251 http://www.securiteam.com/exploits/5TP0W005FE.html http://www.securityfocus.com/bid/6141 https://exchange.xforce.ibmcloud.com/vulnerabilities/10595 •