CVE-2006-5313
- EPSS 0.99%
- Published 17.10.2006 17:07:00
- Last modified 09.04.2025 00:30:58
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configur...
CVE-2006-5262
- EPSS 7.74%
- Published 12.10.2006 22:07:00
- Last modified 09.04.2025 00:30:58
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if th...
CVE-2004-2704
- EPSS 25.15%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim c...