94 matches found
CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11784
Summary: CVE-2019-11784 affects Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, due to improper access control in the mail module (notifications). What is affected: The mail/notifications component of Odoo (both Community and Enterprise 14.x) with the described versions. Roo...
CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11783
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...
CVE-2019-11783
The CVE-2019-11783 issue affects Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier. It is caused by improper access control in the mail module (channel partners), enabling remote authenticated users to subscribe to arbitrary mail channels uninvited. The exposed impact is authen...
CVE-2018-15638
CVE-2018-15638 affects Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier. It is a Cross-Site Scripting (XSS) vulnerability in the mail module that allows remote attackers to inject arbitrary scripts into a victim’s browser via crafted channel names. The connected sources confir...
Odoo 跨站脚本漏洞
Odoo is an open source enterprise management suite , its features cover CRM, sales, purchasing, inventory management , manufacturing , quality management , HR full-featured , financial management , project management , PLM and a series of perfect enterprise information needs . A cross-site...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. An Access Control Error...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security vulnerability...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. An Access Control Error...
CVE-2019-5938
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'...
Open-Xchange: OX (Guard): Stored Cross-Site Scripting via Email Attachment
Summary Improper handling of email attachments by "OX Guard" causes a Stored Cross-Site Scripting XSS vulnerability inside the OX "Mail" module. Injected code will be executed when the victim opens the HTML attachment of a decrypted email by using the "Open in browser" link/button. Proof of Conce...
U-Mail V9.8.54 /WorldClient/html/client/mail/module/o_mail.php 任意文件下载漏洞
No description provided by source...
CVE-2015-1377
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file...
Design/Logic Flaw
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file...
CVE-2015-1377
Webmin Read Mail Module Information Disclosure (CVE-2015-1377): Webmin 1.720 is vulnerable to a local symlink attack that permits local users to read arbitrary files via the Read Mail module. The issue is confirmed in multiple security feeds (NVD entry for CVE-2015-1377; Nessus/OPENVAS plugins re...
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: Humhub test Will insert the corresponding HTML elements into the post/comment body. 2. Humhub-modules-mail 7 persistent XSS vulnerability Humhub-modules-mail versions 0.5.9 and prior when used in conjunction with Humhub 0.10.0-rc.1 or prior is affected by the same vulnerability as...
phpCOIN 1.2 mod.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may levera...
PHP-Nuke 6.0 Web Mail Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these...