cvebase

MIT cgiemail vulnerabilities

6 known vulnerabilities affecting mit/cgiemail.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2017-5613 | P2 | HIGH | CVSS 7.8 | Exploited | 2017-03-03
Affected: ≥ 0, < 1.6-37+deb7u1build0.14.04.1; ≥ 0, < 1.6-37+deb7u1build0.16.04.1
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
Source: osv
CVE-2002-1652 | P4 | HIGH | CVSS 7.5 | PoC | 2002-12-31
Affected: v1.6
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Source: nvd
CVE-2017-5616 | P4 | MEDIUM | CVSS 6.1 | 2017-03-03
Affected: ≥ 0, < 1.6-37+deb7u1build0.14.04.1; ≥ 0, < 1.6-37+deb7u1build0.16.04.1
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
Source: osv
CVE-2017-5615 | P4 | MEDIUM | CVSS 6.1 | 2017-03-03
Affected: ≥ 0, < 1.6-37+deb7u1build0.14.04.1; ≥ 0, < 1.6-37+deb7u1build0.16.04.1
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
Source: osv
CVE-2017-5614 | P4 | MEDIUM | CVSS 6.1 | 2017-03-03
Affected: ≥ 0, < 1.6-37+deb7u1build0.14.04.1; ≥ 0, < 1.6-37+deb7u1build0.16.04.1
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
Source: osv
CVE-2002-1575 | P4 | MEDIUM | CVSS 5.0 | 2004-03-03
Affected: v1.6
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Source: nvd