CVE-2024-5193 – Ritlabs TinyWeb Server Request CRLF injection
https://notcve.org/view.php?id=CVE-2024-5193
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. An unknown function of the Request Handler component is affected. Manipulating the request with the input %0D%0A leads to CRLF injection. The attack can be launched remotely.
• https://github.com/DMCERTCE/CRLF_Tiny
• https://vuldb.com/?ctiid.265830
• https://vuldb.com/?id.265830
• https://vuldb.com/?submit.333059
• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2017-17689
https://notcve.org/view.php?id=CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
• http://www.securityfocus.com/bid/104165
• https://efail.de
• https://news.ycombinator.com/item?id=17066419
• https://pastebin.com/gNCc8aYm
• https://twitter.com/matthew_d_green/status/996371541591019520
• https://www.synology.com/support/security/Synology_SA_18_22
CVE-2006-0918
https://notcve.org/view.php?id=CVE-2006-0918
Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field.
• http://secunia.com/advisories/18989
• http://securityreason.com/securityalert/485
• http://www.nsag.ru/vuln/953.html
• http://www.securityfocus.com/archive/1/425936/100/0/threaded
• http://www.securityfocus.com/bid/16797
• http://www.vupen.com/english/advisories/2006/0717
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24882
CVE-2006-0630
https://notcve.org/view.php?id=CVE-2006-0630
RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC 2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041973.html
• http://secunia.com/advisories/18713
• http://www.security.nnov.ru/advisories/thebatspoof.asp
• http://www.securityfocus.com/archive/1/424129/100/0/threaded
• http://www.securityfocus.com/bid/16515
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24535
• https://www.ritlabs.com/bt/bug_view_advanced_page.php?bug_id=0003029
CVE-2003-1133
https://notcve.org/view.php?id=CVE-2003-1133
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
• http://securitytracker.com/id?1008004
• http://www.securityfocus.com/archive/1/342485
• http://www.securityfocus.com/bid/8891
• https://exchange.xforce.ibmcloud.com/vulnerabilities/13527