VYPR

Cgiemail

by Mit

CVEs (2)

  • CVE-2002-1652Dec 31, 2002
    risk 0.04cvss epss 0.08

    Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.

  • CVE-2002-1575Mar 3, 2004
    risk 0.00cvss epss 0.01

    cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.