58 matches found
CVE-2023-0219
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
Cross site scripting
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
PT-2023-16092 · WordPress · Fluentsmtp
Name of the Vulnerable Software and Affected Versions: FluentSMTP WordPress plugin versions prior to 2.2.3 Description: The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting attacks XSS when an administrator views the...
WordPress Plugin FluentSMTP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. PoC XSS Payload : Steps to reproduce: 1...
FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
Command injection
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
CVE-2022-28055
FusionPBX v4.4 and earlier versions are affected by a command injection vulnerability in the Download Email Logs function. The CVE-2022-28055 entry is supported by multiple sources: Red Hat notes the issue in FusionPBX 4.4 and earlier; PT Security recommends upgrading to a version above 4.4; OSV,...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
PT-2022-18782 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: Fusionpbx versions prior to 4.4 Description: The issue concerns a command injection vulnerability. This vulnerability can be exploited via the download email logs function. Recommendations: For Fusionpbx versions prior to 4.4, update to a...
Incredimail Credential Gatherer
This module searches for Incredimail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/incredimail msf postincredimail show actions ...actions... msf postincredimail set ACTION msf postincredimail show options ...show and set options... msf postincredimail run...
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...
barracudeHardcode.txt
Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...