MIT cgiemail vulnerabilities
6 known vulnerabilities affecting mit/cgiemail.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2017-5613 | P2 | HIGH | CVSS 7.8 | Exploited | ≥ 0, < 1.6-37+deb7u1build0.14.04.1 | ≥ 0, < 1.6-37+deb7u1build0.16.04.1 | 2017-03-03
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
osv
CVE-2002-1652 | P4 | HIGH | CVSS 7.5 | PoC | v1.6 | 2002-12-31
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
nvd
CVE-2017-5616 | P4 | MEDIUM | CVSS 6.1 | ≥ 0, < 1.6-37+deb7u1build0.14.04.1 | ≥ 0, < 1.6-37+deb7u1build0.16.04.1 | 2017-03-03
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
osv
CVE-2017-5615 | P4 | MEDIUM | CVSS 6.1 | ≥ 0, < 1.6-37+deb7u1build0.14.04.1 | ≥ 0, < 1.6-37+deb7u1build0.16.04.1 | 2017-03-03
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
osv
CVE-2017-5614 | P4 | MEDIUM | CVSS 6.1 | ≥ 0, < 1.6-37+deb7u1build0.14.04.1 | ≥ 0, < 1.6-37+deb7u1build0.16.04.1 | 2017-03-03
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
osv
CVE-2002-1575 | P4 | MEDIUM | CVSS 5.0 | v1.6 | 2004-03-03
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
nvd