94 matches found
Drupal Mime Mail Module文件附件安全绕过漏洞
Bugtraq ID:65996 Drupal是一套开放源码的内容管理平台。 Drupal Mime Mail Module不正确校验附件文件路径,允许远程攻击者利用漏洞添加任意文件并获取敏感信息。 0 Drupal Mime Mail Module 6.x 厂商补丁: Drupal ----- Drupal Mime Mail Module 6.x-1.4已经修复该漏洞,建议用户下载更新: https://drupal.org/node/2211419...
CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
Design/Logic Flaw
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
CVE-2012-4495
CVE-2012-4495 affects the Drupal Mime Mail module (6.x-1.x before 6.x-1.1). The root cause is improper restriction of access to files outside Drupal’s publish files directory, allowing remote authenticated users to send arbitrary files as attachments. Impact is that authenticated users can attach...
CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
Mandriva Update for mmc-wizard MDVA-2011:028 (mmc-wizard)
Check for the Version of mmc-wizard OpenVAS Vulnerability Test Mandriva Update for mmc-wizard MDVA-2011:028 mmc-wizard Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
PT-2010-1042 · Linux +1 · Linux-Pam +1
Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.1.2 Red Hat Enterprise Linux pam-devel version 1.1.1 Red Hat Enterprise Linux pam-debuginfo version 1.1.1 Red Hat Enterprise Linux pam version 1.1.1 Description: The issue concerns multiple vulnerabilities in the...
SA-CONTRIB-2009-052 - Printer, e-mail and PDF versions - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module doesn't properly escape a number of user-supplied variables before output. A user who has the permission to add content could attempt a cross site scripting XSS attack which may in some...
Merak Mail Server < 7.5.2 Web Mail Module Multiple Vulnerabilities
Binary data 2157.prm...
Merak Mail Server < 7.5.2 Web Mail Module Multiple Vulnerabilities
Binary data 2158.prm...
CVE-2004-0588
The CVE-2004-0588 entry describes an XSS vulnerability in Usermin’s web mail module (version around 1.070) that allows remote attackers to inject arbitrary HTML/script via e-mail messages. Affected software is Usermin, with the issue arising from improper sanitization of email content, enabling s...
CVE-2004-0588
Cross-site scripting XSS vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages...
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...
PHP-Nuke 6.0 - Web Mail Script Injection
PHP-Nuke 6.0 - Web Mail Script Injection source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an...