Email Security Vulnerabilities
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this...
8.8CVSS
8.9AI Score
0.005EPSS
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this...
8.8CVSS
9.1AI Score
0.008EPSS
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this...
8.8CVSS
9.2AI Score
0.009EPSS
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this...
8.8CVSS
8.9AI Score
0.005EPSS
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit....
7CVSS
6.8AI Score
0.0005EPSS
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this...
6.5CVSS
6.6AI Score
0.001EPSS
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store....
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5......
7.5CVSS
7.2AI Score
0.001EPSS
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable...
5.4CVSS
6.8AI Score
0.002EPSS
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target...
9.8CVSS
9.8AI Score
0.007EPSS
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable...
5.4CVSS
6.4AI Score
0.001EPSS
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target...
9.8CVSS
9.8AI Score
0.004EPSS
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target...
6.8CVSS
7.8AI Score
0.001EPSS
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update...
6.5CVSS
7.7AI Score
0.004EPSS
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration...
4.3CVSS
6.6AI Score
0.001EPSS
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration...
9.8CVSS
9.3AI Score
0.007EPSS
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable...
9.8CVSS
9.5AI Score
0.01EPSS
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their...
8.1CVSS
8.6AI Score
0.003EPSS
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable...
7.8CVSS
9AI Score
0.001EPSS
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled...
8.8CVSS
9AI Score
0.002EPSS
A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability.....
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber...
7.5CVSS
7.4AI Score
0.699EPSS
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential....
7.8CVSS
7.9AI Score
0.0004EPSS
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable...
7.8CVSS
7.9AI Score
0.031EPSS
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a.....
5.8CVSS
5.7AI Score
0.002EPSS
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are....
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
5.3CVSS
5.2AI Score
0.001EPSS
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are....
6.1CVSS
6.1AI Score
0.001EPSS
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are....
6.1CVSS
6.1AI Score
0.001EPSS
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are....
6.1CVSS
6.1AI Score
0.001EPSS
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified...
7.5CVSS
7.5AI Score
0.002EPSS
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted...
9.8CVSS
9.4AI Score
0.208EPSS
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted,.....
7.1CVSS
7AI Score
0.003EPSS
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The.....
5.8CVSS
5.7AI Score
0.001EPSS
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...
4.3CVSS
4.4AI Score
0.001EPSS
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP...
7.5CVSS
7.4AI Score
0.003EPSS
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly...
7.5CVSS
7.5AI Score
0.013EPSS
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of....
6.1CVSS
5.9AI Score
0.002EPSS
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...
6.1CVSS
6.1AI Score
0.001EPSS
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...
5.5CVSS
5.1AI Score
0.004EPSS
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...
5.5CVSS
5.1AI Score
0.006EPSS
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename...
6.5CVSS
6.3AI Score
0.001EPSS
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This....
5.8CVSS
5.7AI Score
0.003EPSS
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This...
5.8CVSS
5.7AI Score
0.001EPSS
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via....
8.2CVSS
8.3AI Score
0.001EPSS
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via....
8.2CVSS
8.3AI Score
0.001EPSS
A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the.....
5.8CVSS
5.7AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information:...
6.1CVSS
5.9AI Score
0.001EPSS