Filtered by vendor Hastymail Subscriptions
Filtered by product Hastymail Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-5313 1 Hastymail 1 Hastymail 2024-11-21 N/A
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262.
CVE-2006-5262 1 Hastymail 1 Hastymail 2024-11-21 N/A
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
CVE-2004-2704 2 Hastymail, Microsoft 2 Hastymail, Internet Explorer 2024-11-20 N/A
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.