Search criteria
13 vulnerabilities found for slmail by seattlelab
VAR-199804-0010
Vulnerability from variot - Updated: 2024-05-15 22:53Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. apple's AppleShare Unspecified vulnerabilities exist in products from multiple vendors.None. The issue presents itself due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. A remote attacker may exploit this condition to trigger a denial-of-service in the affected daemon. Sendmail 8.8.8 is affected; earlier versions may also be vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199804-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mercury mail server",
"scope": "eq",
"trust": 1.6,
"vendor": "pmail",
"version": null
},
{
"model": "slmail",
"scope": "eq",
"trust": 1.0,
"vendor": "seattlelab",
"version": "2.6"
},
{
"model": "appleshare",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "slmail",
"scope": null,
"trust": 0.8,
"vendor": "seattlelab",
"version": null
},
{
"model": "mercury mail transport system",
"scope": null,
"trust": 0.8,
"vendor": "pegasus mail",
"version": null
},
{
"model": "appleshare",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.14.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.14.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.13.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.65"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.61"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.59"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "4.55"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "4.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.11"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.10.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.10"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.5"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.4"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.3"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.2"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.8"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.6"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.5"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.4"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.3"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.2"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.1"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.7.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.10"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.9"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "8.6.x"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "5.59"
},
{
"model": "allman sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "eric",
"version": "5.58"
},
{
"model": "consortium sendmail",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
}
],
"sources": [
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:appleshare:-:*:*:ja:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pmail:mercury_mail_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:seattlelab:slmail:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rootshell.com",
"sources": [
{
"db": "BID",
"id": "49431"
}
],
"trust": 0.3
},
"cve": "CVE-1999-0098",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-1999-0098",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-98",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-0098",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199804-003",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-98",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. apple\u0027s AppleShare Unspecified vulnerabilities exist in products from multiple vendors.None. \nThe issue presents itself due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. A remote attacker may exploit this condition to trigger a denial-of-service in the affected daemon. \nSendmail 8.8.8 is affected; earlier versions may also be vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0098"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "VULHUB",
"id": "VHN-98"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0098",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003",
"trust": 0.7
},
{
"db": "BID",
"id": "49431",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-98",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"id": "VAR-199804-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
}
],
"trust": 0.01
},
"last_update_date": "2024-05-15T22:53:31.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.pmail.com/overviews/ovw_mercwin.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0098"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-1999-0098"
},
{
"trust": 0.3,
"url": "http://marc.info/?l=bugtraq\u0026m=90221101925991\u0026w=2"
},
{
"trust": 0.3,
"url": "http://marc.info/?l=bugtraq\u0026m=90221101926003\u0026w=2"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-98"
},
{
"db": "BID",
"id": "49431"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1998-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-98"
},
{
"date": "1998-04-01T00:00:00",
"db": "BID",
"id": "49431"
},
{
"date": "2024-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"date": "1998-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"date": "1998-04-01T05:00:00",
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-98"
},
{
"date": "1998-04-01T00:00:00",
"db": "BID",
"id": "49431"
},
{
"date": "2024-05-13T09:05:00",
"db": "JVNDB",
"id": "JVNDB-1998-000021"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199804-003"
},
{
"date": "2022-08-17T07:15:10.917000",
"db": "NVD",
"id": "CVE-1999-0098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0AppleShare\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199804-003"
}
],
"trust": 0.6
}
}
FKIE_CVE-2023-4594
Vulnerability from fkie_nvd - Published: 2023-11-23 13:15 - Updated: 2024-11-21 08:35
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seattlelab | slmail | 5.5.0.4433 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*",
"matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS almacenada. Esta vulnerabilidad podr\u00eda permitir a un atacante almacenar un payload de JavaScript malicioso mediante m\u00e9todos GET y POST en m\u00faltiples par\u00e1metros en el archivo MailAdmin_dll.htm."
}
],
"id": "CVE-2023-4594",
"lastModified": "2024-11-21T08:35:30.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T13:15:12.347",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4595
Vulnerability from fkie_nvd - Published: 2023-11-23 13:15 - Updated: 2024-11-21 08:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seattlelab | slmail | 5.5.0.4433 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*",
"matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de exposici\u00f3n de informaci\u00f3n, cuya explotaci\u00f3n podr\u00eda permitir a un usuario remoto recuperar informaci\u00f3n confidencial almacenada en el servidor, como archivos de credenciales, archivos de configuraci\u00f3n, archivos de aplicaciones, etc., simplemente agregando cualquiera de los siguientes par\u00e1metros al final de la URL: %00 %0a, %20, %2a, %a0, %aa, %c0 y %ca."
}
],
"id": "CVE-2023-4595",
"lastModified": "2024-11-21T08:35:30.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T13:15:12.533",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-538"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4593
Vulnerability from fkie_nvd - Published: 2023-11-23 13:15 - Updated: 2024-11-21 08:35
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seattlelab | slmail | 5.5.0.4433 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*",
"matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
},
{
"lang": "es",
"value": "Vulnerabilidad de Path Traversal cuya explotaci\u00f3n podr\u00eda permitir a un usuario remoto autenticado eludir las restricciones previstas por SecurityManager y enumerar un directorio principal a trav\u00e9s de cualquier nombre de archivo, como un valor m\u00faltiple ..%2F que afecta el par\u00e1metro \u0027dodoc\u0027 en el archivo /MailAdmin_dll.htm."
}
],
"id": "CVE-2023-4593",
"lastModified": "2024-11-21T08:35:30.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T13:15:11.810",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-1999-0098
Vulnerability from fkie_nvd - Published: 1998-04-01 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | appleshare | - | |
| pmail | mercury_mail_server | - | |
| seattlelab | slmail | 2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:appleshare:-:*:*:ja:*:*:*:*",
"matchCriteriaId": "AB3E4751-4BC6-427E-BA98-6CD414D38AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmail:mercury_mail_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF801926-9C57-4BB9-A55A-FC35E86623B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:seattlelab:slmail:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "65AE12AD-FD84-47F2-B8DB-B147EBC0C94B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
],
"id": "CVE-1999-0098",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1998-04-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-4595 (GCVE-0-2023-4595)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:38 – Updated: 2024-08-02 07:31
VLAI?
Title
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
Summary
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
Severity ?
7.5 (High)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"impacts": [
{
"capecId": "CAPEC-95",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-95 WSDL Scanning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:38:04.999Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4595",
"datePublished": "2023-11-23T12:38:04.999Z",
"dateReserved": "2023-08-29T08:30:24.615Z",
"dateUpdated": "2024-08-02T07:31:06.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4594 (GCVE-0-2023-4594)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:35 – Updated: 2024-11-21 19:31
VLAI?
Title
Cross-site Scripting in BVRP Software SLmail
Summary
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-04T16:21:45.995679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:31:32.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:35:23.929Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4594",
"datePublished": "2023-11-23T12:35:23.929Z",
"dateReserved": "2023-08-29T08:30:23.551Z",
"dateUpdated": "2024-11-21T19:31:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4593 (GCVE-0-2023-4593)
Vulnerability from cvelistv5 – Published: 2023-11-23 12:31 – Updated: 2024-10-01 14:49
VLAI?
Title
Path Traversal in BVRP Software SLmail
Summary
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:49:42.118692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:49:56.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:31:38.141Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4593",
"datePublished": "2023-11-23T12:31:38.141Z",
"dateReserved": "2023-08-29T08:30:22.264Z",
"dateUpdated": "2024-10-01T14:49:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0098 (GCVE-0-1999-0098)
Vulnerability from cvelistv5 – Published: 2000-02-04 05:00 – Updated: 2024-08-01 16:27
VLAI?
Summary
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:39:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0098",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4595 (GCVE-0-2023-4595)
Vulnerability from nvd – Published: 2023-11-23 12:38 – Updated: 2024-08-02 07:31
VLAI?
Title
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
Summary
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
Severity ?
7.5 (High)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
}
],
"impacts": [
{
"capecId": "CAPEC-95",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-95 WSDL Scanning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:38:04.999Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4595",
"datePublished": "2023-11-23T12:38:04.999Z",
"dateReserved": "2023-08-29T08:30:24.615Z",
"dateUpdated": "2024-08-02T07:31:06.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4594 (GCVE-0-2023-4594)
Vulnerability from nvd – Published: 2023-11-23 12:35 – Updated: 2024-11-21 19:31
VLAI?
Title
Cross-site Scripting in BVRP Software SLmail
Summary
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-04T16:21:45.995679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:31:32.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:35:23.929Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4594",
"datePublished": "2023-11-23T12:35:23.929Z",
"dateReserved": "2023-08-29T08:30:23.551Z",
"dateUpdated": "2024-11-21T19:31:32.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4593 (GCVE-0-2023-4593)
Vulnerability from nvd – Published: 2023-11-23 12:31 – Updated: 2024-10-01 14:49
VLAI?
Title
Path Traversal in BVRP Software SLmail
Summary
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BVRP Software | SLmail |
Affected:
5.5.0.4433
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:49:42.118692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:49:56.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SLmail",
"vendor": "BVRP Software",
"versions": [
{
"status": "affected",
"version": "5.5.0.4433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafael Pedrero"
}
],
"datePublic": "2023-11-23T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager\u0027s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the \u0027dodoc\u0027 parameter in the /MailAdmin_dll.htm file."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T12:31:38.141Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at the moment."
}
],
"value": "There is no reported solution at the moment."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in BVRP Software SLmail",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4593",
"datePublished": "2023-11-23T12:31:38.141Z",
"dateReserved": "2023-08-29T08:30:22.264Z",
"dateUpdated": "2024-10-01T14:49:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0098 (GCVE-0-1999-0098)
Vulnerability from nvd – Published: 2000-02-04 05:00 – Updated: 2024-08-01 16:27
VLAI?
Summary
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:39:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0098",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}