25 matches found
CVE-2018-25411
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...
CVE-2026-33740
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
Zoom Workplace security vulnerability
Zoom Workplace is a desktop application developed by the American company Zoom. Versions of Zoom Workplace prior to 6.6.0 contained a security vulnerability. This vulnerability stemmed from external control over file names or paths within the email function, which could allow unauthenticated user...
EUVD-2026-4892
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
SAP Fiori App Intercompany Balance Reconciliation security vulnerability
SAP Fiori App Intercompany Balance Reconciliation is a financial application from SAP, Germany. A security vulnerability exists in SAP Fiori App Intercompany Balance Reconciliation, which originates from an elevated-privilege attacker being able to send an uploaded file to an arbitrary email, whi...
PT-2024-28786 · Sl 500 +2 · Sl 500 +2
Name of the Vulnerable Software and Affected Versions: Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013 SL 200 versions prior to 3.0.0-60 SL 500 versions prior to 3.0.0-60 Description: The issue concerns the storage of plaintext passwords in certain files, specifically export.html,...
PT-2023-20889 · China Mobile · China Mobile Oa Mailbox Pc
Name of the Vulnerable Software and Affected Versions: China Mobile OA Mailbox PC version 2.9.23 Description: An issue in China Mobile OA Mailbox PC allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...
SUSE CVE-2020-3123
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users tha...
CVE-2022-1768
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...
ALPINE-CVE-2020-3123
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users tha...
CVE-2020-3123
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users tha...
ALPINE-CVE-2019-15961
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in...
OPENSUSE-SU-2019:2668-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as bsc1157763. This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2019:14236-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as bsc1157763...
SUSE-SU-2019:3177-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as bsc1157763...
CVE-2018-20880
cPanel before 74.0.8 mishandles account suspension because of an invalid emailaccounts.json file (SEC-445)...