441 matches found
EUVD-2022-39894
Malicious code in bioql PyPI...
June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver
June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...
About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...
CVE-2024-22208
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2023-25171
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
MDaemon Email Server Installed (Windows)
Binary data mdaemonemailserverwininstalled.nbin...
CVE-2022-24732
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing...
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts...
CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space...
CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access...
CVE-2019-19497
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
CVE-2019-13612
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...
PT-2025-30037 · Ао'Сбк' · Communigate Pro
Уязвимость почтового сервера CommuniGate Pro связана с отсутствием аутентификации для критичной функции. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, отправлять электронные письма с произвольным содержанием на любой почтовый адрес...
MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...
IceWarp Mail Server 输入验证错误漏洞
IceWarp Mail Server is a mail server product from the Czech company IceWarp IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. An input validation error vulnerability exists in IceWarp Mail Server, which can be exploited to cause users to be...
VulnCheck KEV: CVE-2024-11182
MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...
CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...