CVE-2016-4877
https://notcve.org/view.php?id=CVE-2016-4877
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting en el plugin Mail en baserCMS versión 3.0.10 y anteriores permite a los atacantes autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://basercms.net/security/JVN92765814 http://www.securityfocus.com/bid/93217 https://jvn.jp/en/jp/JVN92765814/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4879
https://notcve.org/view.php?id=CVE-2016-4879
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin Mail para baserCMS en versiones 3.0.10 y anteriores, que permitiría a atacantes remotos secuestrar la autenticación de los administradores a través de vectores no especificados. • http://basercms.net/security/JVN92765814 http://www.securityfocus.com/bid/93217 https://jvn.jp/en/jp/JVN92765814/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2011-0739
https://notcve.org/view.php?id=CVE-2011-0739
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. La función de entrega en el agente de entrega de sendmail (lib/mail/network/delivery_methods/sendmail.rb)para Ruby Mail gem v2.2.14 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres cubiertos en una dirección de correo electrónico. • http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1 http://osvdb.org/70667 http://secunia.com/advisories/43077 http://www.securityfocus.com/bid/46021 http://www.vupen.com/english/advisories/2011/0233 https://exchange.xforce.ibmcloud.com/vulnerabilities/65010 https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch • CWE-20: Improper Input Validation •
CVE-2009-4111
https://notcve.org/view.php?id=CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Vulnerabilidad de inyección de argumento en Mail/sendmail.php en Mail package v1.1.14, v1.2.0b2, y probablemente otras versiones para PEAR permite a atacantes remotos leer y escribir archivos de su elección a través del parámetro $recipients manipulado y probablemente otros parámetros, una vulnerabilidad diferente que CVE-2009-4023. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://secunia.com/advisories/37458 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http://www.openwall.com/lists/oss-security/2009/11/28/2 http://www.securityfocus.com/bid/37395 https://bugs.gentoo.org/show_bug.cgi?id=294256 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-1505
https://notcve.org/view.php?id=CVE-2005-1505
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. • http://marc.info/?l=bugtraq&m=111539448630095&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20670 •