RSS   Vulnerabilities for 'Hastymail'   RSS

2006-10-17
 
CVE-2006-5313

CWE-20
 

 
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262.

 
2006-10-12
 
CVE-2006-5262

CWE-Other
 

 
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.

 
2004-12-31
 
CVE-2004-2704

 

 
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.

 

 >>> Vendor: Hastymail 2 Products
Hastymail
Hastymail2


Copyright 2024, cxsecurity.com

 

Back to Top