Search criteria

2 vulnerabilities found for FORM2MAIL by CGI RESCUE

JVNDB-2009-000023

Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35
Severity ?
() - -
Summary
FORM2MAIL from CGI RESCUE allows unauthorized email transmission
Details
FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. This vulnerability has been fixed and an updated version was released on December 13, 2008.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
  "dc:date": "2009-04-28T16:35+09:00",
  "dcterms:issued": "2009-04-28T16:35+09:00",
  "dcterms:modified": "2009-04-28T16:35+09:00",
  "description": "FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nFORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:form2mail",
    "@product": "FORM2MAIL",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000023",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN76370393/index.html",
      "@id": "JVN#76370393",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1590",
      "@id": "CVE-2009-1590",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1590",
      "@id": "CVE-2009-1590",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/34869",
      "@id": "SA34869",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://osvdb.org/54097",
      "@id": "54097",
      "@source": "OSVDB"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html",
      "@id": "JVNDB-2009-000023",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "FORM2MAIL from CGI RESCUE allows unauthorized email transmission"
}

JVNDB-2006-000624

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
() - -
Summary
CGI RESCUE WebFORM allows unauthorized email transmission
Details
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:form2mail",
    "@product": "FORM2MAIL",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000624",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
      "@id": "JVN#39570254",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2944",
      "@id": "CVE-2006-2944",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2944",
      "@id": "CVE-2006-2944",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/20515",
      "@id": "SA20515",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18434",
      "@id": "18434",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2234",
      "@id": "FrSIRT/ADV-2006-2234",
      "@source": "FRSIRT"
    }
  ],
  "title": "CGI RESCUE WebFORM allows unauthorized email transmission"
}