86 matches found
CVE-2014-1203
The NUCLEI template confirms CVE-2014-1203 affects Eyou Mail System prior to 3.6, with a remote code execution via get_login_ip_config_file that processes shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. The vulnerability stems from the get_login_ip_co...
Cross-Site Scripting Vulnerability in ExtMail Mail System
ExtMail is a mail system launched by Guangzhou Colliers Network Technology Co. A cross-site scripting vulnerability exists in the ExtMail email system. The attacker constructs XSS statements to perform pop-up box operations and obtain user cookies and other information...
CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...
Authentication Vulnerability in Coremail Mail System Server Side
Coremail mail system developed by Ying Shi Information Technology Co., Ltd. is a web application system, widely used in government agencies, enterprises and institutions and other departments. There is an authentication vulnerability in the server side of Coremail mail system. Because the server...
CVE-2016-6597
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability...
While trying Server 6.0 mail system has an arbitrary File Download vulnerability
No description provided by source...
Unauthorized Access Vulnerability in the Mail System of Sinosoft Technology Co.
Ltd. is a company that focuses on large-scale application software development and computer system integration. Unauthorized access vulnerability in the mail system of ChinaSoft Technology Co. An attacker can exploit the vulnerability to gain unauthorized access and disclose sensitive information...
iGenus mail system 5. 0 and the following version in the login. php at the presence of XSS vulnerabilities
No description provided by source...
CoreMail XT3.0 Cross Site Scripting
Application: CoreMail Versions Affected: XT3.0 Vendor URL: http://www.coremail.cn/ Bugs: Stored XSS Author:shack.liDBAPPSecurity Ltd Description: Coremail mail system was born in 1999, is widely used in network operators, large enterprises, government institutions, colleges and universities and...
[SECURITY] Fedora 21 Update: cyrus-imapd-2.4.18-1.fc21
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
[SECURITY] Fedora 22 Update: cyrus-imapd-2.4.18-1.fc22
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
[SECURITY] Fedora 23 Update: cyrus-imapd-2.4.18-1.fc23
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
Cross-site Scripting Vulnerability in the Mail System of Hainan YiPost Software Co.
Hainan YiPost Software Co., Ltd. provides related network communication collaboration software integration program. A cross-site scripting vulnerability exists in the mail system of Hainan YiPost Software Co., Ltd. that can be exploited by an attacker to obtain user cookie information and execute...
U-Mail mail system bulk getshell(truly unlimited, no General account-the vulnerability warning-the black bar safety net
The mail system is there any user login, and the presence of injection, which can be unlimited perfect getshell(getshell process only takes three simple. Mad Dog, this is not struck by lightning while waiting to be burst chrysanthemum. Detailed description: 1. Mail System Description 1 Official...
Command Execution Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.
Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...
Arbitrary File Download Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.
Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...
SQL Injection Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.
Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...
Default Password Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.
Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...
AnyMacro Mail System Stored Cross-Site Scripting Vulnerability
AnyMacro is a professional product and solution provider in the field of email and unified messaging. A stored cross-site scripting vulnerability exists in the AnyMacro mail system, which allows an attacker to gain access to all mailbox account privileges view, modify, delete, etc. by exploiting...
eYou邮件系统邮件正文存储型XSS(HTML5特性并需点击)
简要描述: eyou邮件系统邮箱多为政府和学校使用,经测试存在xss。 详细说明: 由于eyou版本号不同,下面测试代码的效果也有细微区别,但是存在漏洞原因相同。 测试代码: 发送后打开,效果如图: 某党政机关邮箱: 某院校邮箱: 漏洞证明: 由于eyou版本号不同,下面测试代码的效果也有细微区别,但是存在漏洞原因相同。 测试代码: 发送后打开,效果如图: 某党政机关邮箱:...