CVE-2024-27938 – SMTP Smuggling in Postal
https://notcve.org/view.php?id=CVE-2024-27938
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. • https://github.com/postalserver/postal/commit/0140dc4 https://github.com/postalserver/postal/security/advisories/GHSA-j42r-6c99-hqf2 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide https://www.postfix.org/smtp-smuggling.html • CWE-116: Improper Encoding or Escaping of Output •
CVE-2008-7011 – Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-7011
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set. El motor de Unreal, el utilizado en Unreal Tournament v3 1.3, Unreal Tournament 2003 y 2004, Dead Man's Hand, Pariah, WarPath, Postal2, y Shadow Ops, permite a usuarios remotos autenticados producir una denegación de servicio (salida de servidor) a través de múltiples descargas de ficheros desde el servidor, lo que inicia un fallo de aserción cuando la marca (flag) de cierre en UnChan.cpp esta activado. • https://www.exploit-db.com/exploits/32386 http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html http://osvdb.org/48293 http://www.securityfocus.com/archive/1/496399/100/0/threaded http://www.securityfocus.com/bid/31205 • CWE-399: Resource Management Errors •