Mark Esler wrote in
:
|To mitigate future end-of-data sequence attacks, like SMTP Smuggling, MTAs
|should comply with RFC 5321 section 4.1.1.4 [0] to strip control
|characters other than , , , and in the DATA section of
|SMTP messages.
Given that RFC 733 is from 1977 and RFC 822 is from 1982
Hi Mark,
On Mon, Apr 29, 2024 at 08:19:52PM -0500, Mark Esler wrote:
>
> To mitigate future end-of-data sequence attacks, like SMTP Smuggling,
> MTAs should comply with RFC 5321 section 4.1.1.4 [0] to strip control
> characters other than , , , and in the DATA section
> of SMTP messages.
This i
On Mon, Apr 29, 2024 at 08:19:52PM GMT, Mark Esler wrote:
> To mitigate future end-of-data sequence attacks, like SMTP
> Smuggling, MTAs should comply with RFC 5321 section 4.1.1.4 [0] to
> strip control characters other than , , , and in
> the DATA section of SMTP messages.
[...]
> As per RFC
CVE-2024-33905
On Sun, Apr 28, 2024 at 5:59 PM Pedro Batista wrote:
> Hi oss-security,
> I would like to share a vulnerability I reported on Telegram Web
> application which is Open Source (https://github.com/morethanwords/tweb).
> The vulnerability is an XSS that can be exploited to achieve sess
To mitigate future end-of-data sequence attacks, like SMTP Smuggling, MTAs
should comply with RFC 5321 section 4.1.1.4 [0] to strip control
characters other than , , , and in the DATA section of
SMTP messages.
> 4.1.1.4. DATA (DATA)
>
> The receiver normally sends a 354 response to DATA, and
Vegard Nossum wrote:
[...]
Hi,
Masquerading a shell command as a pkg-config variable definition is
trivial (but probably still detectable) since you can just do:
    foobar=/usr echo hi
which AFAIK is a valid pkg-config variable definition but also a valid
shell command.
You are correct, but mak
On Thu, Apr 25, 2024 at 06:10:54PM +0200, Jonas Schäfer wrote:
> Hello list,
>
> Managesieve is a protocol to configure the email filtering system Sieve via
> TCP/IP. It is typically authenticated just like IMAP is. The managesieve
> client implementation in KDE (libksieve) had a bug which used