9 vulnerabilities found for slmail by seattlelab
VAR-199804-0010
Vulnerability from variot - Updated: 2025-04-03 22:14
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. Unspecified vulnerabilities exist in products from multiple vendors, such as Apple's AppleShare. The issue arises from insufficient bounds checking when handling SMTP HELO command arguments of excessive length. A remote attacker may exploit this condition to trigger a denial-of-service in the affected daemon. Sendmail 8.8.8 is affected; earlier versions may also be vulnerable. (The aggregated sources disagree on impact: the CVE text describes hiding activities, the BID text a denial of service, and the CVSS v2 vector in the record below scores complete confidentiality, integrity and availability impact.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199804-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mercury mail server",
"scope": "eq",
"trust": 1.6,
"vendor": "pmail",
"version": null
},
{
"model": "appleshare",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "slmail",
"scope": "eq",
"trust": 1.0,
"vendor": "seattlelab",
"version": "2.6"
},
{
"model": "slmail",
"scope": null,
"trust": 0.8,
"vendor": "seattlelab",
"version": null
},
{
"model": "mercury mail transport system",
"scope": null,
"trust": 0.8,
"vendor": "pegasus mail",
"version": null
},
{
"model": "appleshare",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.14.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.14.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.65"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.61"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.59"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "4.55"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "4.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.11"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.10.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.10"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.5"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.4"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.3"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.2"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.6"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.5"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.4"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.3"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.2"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.10"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.9"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "5.59"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "5.58"
},
{
"model": "consortium sendmail",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
}
],
"sources": [
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rootshell.com",
"sources": [
{
"db": "BID",
"id": "49431"
}
],
"trust": 0.3
},
"cve": "CVE-1999-0098",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0098",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-98",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0098",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-1999-0098",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-199804-003",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-98",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. apple\u0027s AppleShare Unspecified vulnerabilities exist in products from multiple vendors.None. \nThe issue presents itself due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. A remote attacker may exploit this condition to trigger a denial-of-service in the affected daemon. \nSendmail 8.8.8 is affected; earlier versions may also be vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0098"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "VULHUB",
"id": "VHN-98"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0098",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003",
"trust": 0.7
},
{
"db": "BID",
"id": "49431",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-98",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"id": "VAR-199804-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:14:24.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.pmail.com/overviews/ovw_mercwin.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0098"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-1999-0098"
},
{
"trust": 0.3,
"url": "http://marc.info/?l=bugtraq\u0026m=90221101925991\u0026w=2"
},
{
"trust": 0.3,
"url": "http://marc.info/?l=bugtraq\u0026m=90221101926003\u0026w=2"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1998-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-98"
},
{
"date": "1998-04-01T00:00:00",
"db": "BID",
"id": "49431"
},
{
"date": "2024-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"date": "1998-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"date": "1998-04-01T05:00:00",
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-98"
},
{
"date": "1998-04-01T00:00:00",
"db": "BID",
"id": "49431"
},
{
"date": "2024-05-13T09:05:00",
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0AppleShare\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
}
],
"trust": 0.6
}
}
CVE-2023-4595 (GCVE-0-2023-4595)
Vulnerability from nvd – Published: 2023-11-23 12:38 – Updated: 2024-08-02 07:31
Title
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
Summary
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00, %0a, %20, %2a, %a0, %aa, %c0 and %ca.
Severity
7.5 (High)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"impacts": [
{
"capecId": "CAPEC-95",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-95 WSDL Scanning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:38:04.999Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4595",
"datePublished": "2023-11-23T12:38:04.999Z",
"dateReserved": "2023-08-29T08:30:24.615Z",
"dateUpdated": "2024-08-02T07:31:06.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4594 (GCVE-0-2023-4594)
Vulnerability from nvd – Published: 2023-11-23 12:35 – Updated: 2024-11-21 19:31
Title
Cross-site Scripting in BVRP Software SLmail
Summary
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-04T16:21:45.995679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:31:32.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:35:23.929Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4594",
"datePublished": "2023-11-23T12:35:23.929Z",
"dateReserved": "2023-08-29T08:30:23.551Z",
"dateUpdated": "2024-11-21T19:31:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4593 (GCVE-0-2023-4593)
Vulnerability from nvd – Published: 2023-11-23 12:31 – Updated: 2024-10-01 14:49
Title
Path Traversal in BVRP Software SLmail
Summary
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a value containing multiple ..%2F sequences in the 'dodoc' parameter of the /MailAdmin_dll.htm file.
Severity
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:49:42.118692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:49:56.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:31:38.141Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4593",
"datePublished": "2023-11-23T12:31:38.141Z",
"dateReserved": "2023-08-29T08:30:22.264Z",
"dateUpdated": "2024-10-01T14:49:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0098 (GCVE-0-1999-0098)
Vulnerability from nvd – Published: 2000-02-04 05:00 – Updated: 2024-08-01 16:27
Summary
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:39:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0098",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4595 (GCVE-0-2023-4595)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:38 – Updated: 2024-08-02 07:31
Title
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
Summary
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00, %0a, %20, %2a, %a0, %aa, %c0 and %ca.
Severity ?
7.5 (High)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"impacts": [
{
"capecId": "CAPEC-95",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-95 WSDL Scanning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:38:04.999Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4595",
"datePublished": "2023-11-23T12:38:04.999Z",
"dateReserved": "2023-08-29T08:30:24.615Z",
"dateUpdated": "2024-08-02T07:31:06.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4594 (GCVE-0-2023-4594)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:35 – Updated: 2024-11-21 19:31
Title
Cross-site Scripting in BVRP Software SLmail
Summary
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-04T16:21:45.995679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:31:32.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:35:23.929Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4594",
"datePublished": "2023-11-23T12:35:23.929Z",
"dateReserved": "2023-08-29T08:30:23.551Z",
"dateUpdated": "2024-11-21T19:31:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4593 (GCVE-0-2023-4593)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:31 – Updated: 2024-10-01 14:49
Title
Path Traversal in BVRP Software SLmail
Summary
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a value containing multiple ..%2F sequences in the 'dodoc' parameter of the /MailAdmin_dll.htm file.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BVRP Software | SLmail | Affected: 5.5.0.4433 |
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:49:42.118692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:49:56.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:31:38.141Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4593",
"datePublished": "2023-11-23T12:31:38.141Z",
"dateReserved": "2023-08-29T08:30:22.264Z",
"dateUpdated": "2024-10-01T14:49:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0098 (GCVE-0-1999-0098)
Vulnerability from cvelistv5 – Published: 2000-02-04 05:00 – Updated: 2024-08-01 16:27
Summary
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:39:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0098",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}