35 matches found
CVE-2023-1747 IBOS mark&op=delFromSend SQL injection
A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to SQL injection. The attack can be launched remotely. The explo...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS 4.5.4 and earlier versions, which stems from a problem with the file /?r=email/api/mark&op=delFromSend, where manipulation of the parameter emailids can lead to SQL injection...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
Design/Logic Flaw
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
CVE-2019-17123
The CVE-2019-17123 entry concerns the eGain Web Email API 11+ where spoofed messages are possible due to improper handling of the fromName and message fields used in /system/ws/v11/ss/email. The root cause is mishandling of fromName with header injection via %0a/%0d and the message parameter allo...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
CVE-2019-4394
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232...
Nextcloud: The email API to test email-server settings is unlimited and can be used as an email bomb
Description: The email-server settings test function in https://demo.nextcloud.com/xxx/settings/admin/additional is unlimited and can be used as an email bomb. And the test email API is https://demo.nextcloud.com/xxx/settings/admin/mailtest Reproduce steps: 1. Go to...
Nextcloud: The email API to reset password is unlimited and can be used as an email bomb
Description: The email API https://demo.nextcloud.com/qazxsw/lostpassword/email to reset password is unlimited and can be used as an email bomb. Reproduce steps: 1. Every Instant trial's link is https://demo.nextcloud.com/yourname, and it always has a default user admin. 2. Then I try to visit one...
Design/Logic Flaw
core/emailapi.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug...
CVE-2012-5523
core/emailapi.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug...
CVE-2012-3472
The email API in application/libraries/api/MYEmailApiObject.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request...
Authentication flaw
The email API in application/libraries/api/MYEmailApiObject.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request...
CVE-2012-3472
The email API in application/libraries/api/MYEmailApiObject.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request...
CVE-2012-3472
The Ushahidi Platform