16 matches found
CVE-2026-0483
CVE-2026-0483 is a stored XSS in Live Helper Chat’s PDF file upload for versions before 4.72. An attacker can upload a malicious PDF containing an XSS payload; when a user downloads and opens the file via the app’s link, arbitrary JavaScript executes in the user’s context. Public sources (PT Secu...
ZyXEL ZyWALL USG 操作系统命令注入漏洞
Zyxel ZyXEL ZyWALL USG is a network security firewall appliance from China Hopkins Zyxel. A security vulnerability exists in Zyxel ZyWALL/USG versions 4.20 to 4.72, VPN versions 4.30 to 5.32, USG FLEX versions 4.50 to 5.32, and ATP versions 4.32 to 5.32. The vulnerability stems from a...
Alstrasoft Video Share Enterprise 4.72 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: AlstraSoft Video Share Enterprise v4.72 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/videoshare.htm Demo:...
Debian Security Advisory DSA 2566-1 (exim4)
The remote host is missing an update to exim4 announced via advisory DSA 2566-1. OpenVAS Vulnerability Test $Id: deb25661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2566-1 exim4 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian DSA-2232-1 : exim4 - format string vulnerability
It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtain from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. CVE-2011-1764 The oldstable distribution lenny is not affected by this problem because it doe...
[SECURITY] Fedora 14 Update: exim-4.72-2.fc14
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Design/Logic Flaw
The openlog function in log.c in Exim 4.72 and earlier does not check the return value from 1 setuid or 2 setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack...
CVE-2011-0017
The openlog function in log.c in Exim 4.72 and earlier does not check the return value from 1 setuid or 2 setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack...
CVE-2011-0017
The openlog function in log.c in Exim 4.72 and earlier does not check the return value from 1 setuid or 2 setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack...
CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spooldirectory directive...
CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spooldirectory directive...
CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spooldirectory directive. Recent assessments: Assessed Attacker Value...
Fedora 12 : exim-4.72-1.fc12 (2010-9506)
This update fixes the following security flaws: CVE-2010-2023 exim: hard-link following vulnerability in mailbox handling CVE-2010-2024 exim: race condition when MBX locking is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securi...
Multiple vulnerabilities in Exim
================================== Exim Mailer, multiple vulnerabilites June 3, 2010 CVE-2010-2023, CVE-2010-2024 ================================== ==Description== Two vulnerabilities have been discovered in Exim 4, a popular mail transfer agent used on Unix-like systems www.exim.org. 1. When Ex...
CVE-2010-2023
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...
CVE-2010-2024
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/...