17 matches found

CNNVD
added 2026/03/20 12:0 a.m., 5 views

Gainsight Assist Security Vulnerability

Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from the state parameter in the OAuth callback URL exposing the base64-encoded user email address, potentially leading to personal...

CVSS 6.1, AI score 6, EPSS 0.00017
Exploits: 1, References: 1
Vulnrichment
added 2025/11/05 12:0 a.m., 1 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, bypassing frontend validation...

AI score 5.5, EPSS 0.00032
Exploits: 1, References: 2
EUVD
added 2025/10/30 6:31 p.m., 2 views

EUVD-2025-37021

AdForest - Classified Android App version 4.0.12 package name scriptsbundle.adforest, developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...

CVSS 7.5, AI score 6.5, EPSS 0.00062
Exploits: 0, References: 2
Positive Technologies
added 2025/10/30 12:0 a.m., 1 views

PT-2025-44421

Name of the Vulnerable Software and Affected Versions: AdForest - Classified Android App version 4.0.12. Description: The AdForest - Classified Android App has an issue with how it controls access during authentication. The application utilizes a Base64-encoded email address as an authorization...

CVSS 7.5, AI score 6.9, EPSS 0.00062
Exploits: 0, References: 4
CNNVD
added 2025/10/30 12:0 a.m., 1 views

AdForest – Classified Android App Security Vulnerability

AdForest - Classified Android App is a classified information system application by the individual developer Muhammad Jawad Arshad. A security vulnerability exists in AdForest - Classified Android App version 4.0.12, which stems from improper access control in the authentication mechanism, which...

CVSS 7.5, AI score 6.7, EPSS 0.00062
Exploits: 0, References: 2
NVD
added 2025/01/02 5:15 p.m., 12 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during token expiration time an on-path attacker might reuse such a token to...

CVSS 6.3, EPSS 0.00383
Exploits: 0, References: 6
OSV
added 2025/01/02 5:15 p.m., 1 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during token expiration time an on-path attacker might reuse such a token to...

CVSS 6.3, AI score 5.8, EPSS 0.05133
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 3:42 a.m., 1 views

SUSE CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

CVSS 3.1, AI score 9, EPSS 0.00305
Exploits: 1, References: 5
Tenable Nessus
added 2021/07/16 12:0 a.m., 27 views

openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1854-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1854-1 advisory. - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a...

CVSS 7.5, AI score 7, EPSS 0.00531
Exploits: 3, References: 13
Debian CVE
added 2021/06/24 1:16 p.m., 23 views

CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

CVSS 4.3, AI score 5.5, EPSS 0.00305
Exploits: 1
AlpineLinux
added 2021/06/24 1:16 p.m., 42 views

CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

CVSS 4.3, AI score 6.1, EPSS 0.00305
Exploits: 1
Tenable Nessus
added 2021/06/10 12:0 a.m., 25 views

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:1854-1)

"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1854-1 advisory. - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a...

CVSS 7.5, AI score 7, EPSS 0.00531
Exploits: 3, References: 13
Tenable Nessus
added 2021/06/08 12:0 a.m., 42 views

Oracle Linux 8 : thunderbird (ELSA-2021-2264)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2264 advisory. 78.11.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.11.0-1 - Update to 78.11.0 build1 Tenable has...

CVSS 8.8, AI score 7.4, EPSS 0.00365
Exploits: 2, References: 4
OSV
added 2016/02/12 1:59 a.m., 1 views

CVE-2016-1315

The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2
Cvelist
added 2007/10/26 7:0 p.m., 12 views

CVE-2002-2325

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field...

AI score 6.6, EPSS 0.0626
Exploits: 1, References: 3
CVE
added 2007/10/26 7:0 p.m., 42 views

CVE-2002-2325

The CVE-2002-2325 entry concerns the c-client library used by IMAP (as in Pine 4.20–4.44). It describes a denial of service where a MIME-encoded email with a Content-Type header containing an empty boundary field can crash the client. The vulnerability is tied to the software versions mentioned (...

CVSS 7.8, AI score 6.9, EPSS 0.0626
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2002/12/31 5:0 a.m., 10 views

CVE-2002-2325

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field...

CVSS 7.8, AI score 6.6, EPSS 0.0626
Exploits: 1, References: 3