Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
CVSS 7.3 | AI Score 7.4 | EPSS 0.0004
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to...
CVSS 9.1 | AI Score 7.3 | EPSS 0.0004
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUN_AS_USER, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with RUN_AS_USER who handed out admin credentials....
CVSS 6.8 | AI Score 7.3 | EPSS 0.0004
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized...
CVSS 6.1 | AI Score 6.1 | EPSS 0.0004
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input...
CVSS 9.6 | AI Score 8.9 | EPSS 0.002
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT...
CVSS 5.5 | AI Score 6.3 | EPSS 0.0004
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as...
CVSS 8.6 | AI Score 8.5 | EPSS 0.0005
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0.....
CVSS 4.3 | AI Score 4.5 | EPSS 0.001
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted...
CVSS 9.8 | AI Score 9.2 | EPSS 0.001
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color...
CVSS 6.1 | AI Score 6 | EPSS 0.001
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0005
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer...
CVSS 6.1 | AI Score 6.2 | EPSS 0.002
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is...
CVSS 5 | AI Score 4.3 | EPSS 0.001
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification...
CVSS 9.8 | AI Score 9.2 | EPSS 0.002
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based...
CVSS 7.1 | AI Score 6.8 | EPSS 0.002
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in.....
CVSS 9.8 | AI Score 9.2 | EPSS 0.002
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users who export form content as a CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the...
CVSS 8 | AI Score 8.1 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained...
AI Score 5.6 | EPSS 0.001
Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH...
AI Score 6.6 | EPSS 0.004
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO...
AI Score 7.2 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail...
AI Score 5.7 | EPSS 0.002
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious WebDAV server or intercept the response of a valid.....
CVSS 10 | AI Score 9.3 | EPSS 0.002
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the...
AI Score 6.2 | EPSS 0.0004
Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail...
AI Score 6.5 | EPSS 0.019
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/css_optimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended....
CVSS 9.8 | AI Score 9.5 | EPSS 0.002
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
CVSS 5.4 | AI Score 4.6 | EPSS 0.001
Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o.....
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features, which may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET.....
CVSS 7.1 | AI Score 7 | EPSS 0.0004
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCDODED PATH and by doing that, the attacker can read Local Files inside the...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these...
CVSS 7.4 | AI Score 7.2 | EPSS 0.001
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user...
CVSS 8.1 | AI Score 8.1 | EPSS 0.002
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation....
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
CVSS 6.1 | AI Score 5.9 | EPSS 0.003
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the...
CVSS 8.8 | AI Score 9.1 | EPSS 0.003
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder...
CVSS 7.5 | AI Score 7.2 | EPSS 0.002
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to...
CVSS 8.8 | AI Score 8.7 | EPSS 0.003
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001