CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2831
https://notcve.org/view.php?id=CVE-2008-2831
Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders. Múltiples vulnerabilidades de secuencias de commandos en sitios cruzados (XSS) en la delegación de la gestión de spam en función del componente Spam Quarantine Management (SQM) en MailMarshal SMTP v6.0.3.8 hasta v6.3.0.0 permite a usuarios remotos autenticados asistidos por el usuario inyectar web script o HTML de su elección a través de (1) la lista de remitentes bloqueados o (2) la lista de remitentes seguros. • http://secunia.com/advisories/32062 http://www.dcsl.ul.ie/marshal.htm http://www.marshal.com/kb/article.aspx?id=12175 http://www.securityfocus.com/bid/31483 https://exchange.xforce.ibmcloud.com/vulnerabilities/45509 https://exchange.xforce.ibmcloud.com/vulnerabilities/45511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 23%CPEs: 1EXPL: 1CVE-2008-0394 – Citadel SMTP 7.10 - Remote Overflow
https://notcve.org/view.php?id=CVE-2008-0394
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. Desbordamiento de búfer en Citadel SMTP server 7.10 y anteriores permite a atacantes remotos ejecutgar código de su elección a través del comando largos RCTP TO, el cual no es manejado de forma adecuada por la función makeuserkey. NOTA: algunos de estos detalles se obtuvieron de terceras fuentes de información. • https://www.exploit-db.com/exploits/4949 http://secunia.com/advisories/28590 http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz http://www.securityfocus.com/bid/27376 http://www.securitytracker.com/id?1019255 http://www.vupen.com/english/advisories/2008/0252 https://exchange.xforce.ibmcloud.com/vulnerabilities/39807 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •