Lucene search
K

439 matches found

Cvelist
Cvelist
added 2025/04/29 11:36 a.m.25 views

CVE-2025-3929 Stored XSS vulnerability in MDaemon Email Server

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

5.3CVSS0.00474EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/04/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1CVSS6AI score0.00474EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.6 views

PT-2025-18143 · Unknown · Mdaemon Email Server

Name of the Vulnerable Software and Affected Versions: MDaemon Email Server versions 25.0.1 and below Description: A Stored Cross-Site Scripting XSS issue was discovered, allowing a remote attacker to send a specially crafted HTML e-mail message with JavaScript in an img tag. This could enable th...

6.1CVSS5.4AI score0.00474EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.4 views

MDaemon Email Server 安全漏洞

MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server 25.0.1 and earlier versions, which originates from JavaScript code in specially crafted HTML emails and could lead to a cross-site scripting attack...

6.1CVSS5.9AI score0.00474EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.4 views

PT-2025-7938 · Zimbra · Zimbra Email Server

Name of the Vulnerable Software and Affected Versions: Zimbra Email Server affected versions not specified Description: A Credential Disclosure issue exists due to the lack of encryption, allowing an administrator to extract stored SMTP account credentials. Recommendations: At the moment, there i...

2.7CVSS7.6AI score0.00164EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/12/19 9:31 p.m.18 views

GoPhish sends cleartext passwords

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7.1AI score0.00358EPSS
Exploits0References3Affected Software1
Securelist
Securelist
added 2024/12/12 10:0 a.m.9 views

Careto is back: what’s new after 10 years of silence?

During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, our researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor...

7.1AI score
Exploits0
OSV
OSV
added 2024/11/15 11:15 a.m.3 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

6.1CVSS6AI score0.17105EPSS
Exploits0References2
NVD
NVD
added 2024/11/15 11:15 a.m.23 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

6.1CVSS0.17105EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/15 10:43 a.m.17 views

CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS6.3AI score0.17105EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/15 10:43 a.m.46 views

CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS0.17105EPSS
Exploits0References1
CVE
CVE
added 2024/11/15 10:43 a.m.191 views

CVE-2024-11182

MDaemon Email Server is affected by CVE-2024-11182: an XSS in HTML emails containing JavaScript in an img tag, exploitable in the webmail UI prior to version 24.5.1c. Impact is loading arbitrary JavaScript in the browser context of a webmail user. The vendor patched to 24.5.1c (Nov 14, 2024); exp...

6.1CVSS6AI score0.17105EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/11/15 12:0 a.m.6 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window. Recent assessments: Assess...

6.1CVSS6.3AI score0.17105EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

MDaemon Email Server 安全漏洞

MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server versions prior to 24.5.1c, which stems from the presence of a cross-site scripting XSS vulnerability that could allow a remote attacker to load arbitrary JavaScript code in the conte...

6.1CVSS8.4AI score0.17105EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.4 views

PT-2024-16805

Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...

6.4CVSS7.7AI score0.17105EPSS
Exploits0References41
Ubuntu
Ubuntu
added 2024/09/16 11:52 a.m.10 views

USN-7013-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. CVE-2024-23184 It was discovered that Dovecot incorrectly handled very large headers. A remo...

7.5CVSS7.3AI score0.01284EPSS
Exploits2
OSV
OSV
added 2024/07/31 6:40 p.m.9 views

USN-6939-1 exim4 vulnerability

Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...

5.4CVSS6.9AI score0.41225EPSS
Exploits5References2
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.6 views

The vulnerability of the rspamd_maps() function in the Docker-based email server deployment and management tool, mailcow:dockerized, allows a attacker to execute arbitrary code.

The vulnerability of the rspamdmaps function in the Docker-based email server deployment and management tool, mailcow:dockerized, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

8.7CVSS6.2AI score0.27346EPSS
Exploits2References5Affected Software1
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.4 views

TerraMaster TOS Security Vulnerability

TerraMaster TOS is a Linux-based operating system from China's TerraMaster Corporation TerraMaster that is dedicated to the TerraMaster Cloud Storage NAS server. A security vulnerability exists in TerraMaster TOS version 5.1 and prior versions, which stems from the use of hard-coded credentials. ...

9.4CVSS6.9AI score0.00517EPSS
Exploits0References2
OSV
OSV
added 2024/05/23 5:15 p.m.3 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.8CVSS5.8AI score0.00402EPSS
Exploits0References1
Rows per page
Query Builder