Lucene search
K

86 matches found

seebug.org
seebug.org
added 2014/06/17 12:0 a.m.17 views

Coremail 邮件系统存储型 XSS

简要描述: 设计疏忽导致可执行恶意 JavaScript 代码。 详细说明: 我原以为和 WooYun: Coremail邮件系统存储型XSS之二 这里是同一种文件漏洞,问过之后,了解到不是同一个。 本漏洞是直接预览 SVG 图片附件,会触发 SVG 内部脚本。新版本 Coremail “除了部分格式的图片和PDF”,不知道有没有修复这个问题,姑且发出来吧。 如图,用户预览附件即会触发 XSS。 (不嫌麻烦的话可以配合之前获取 sid/mid 的漏洞,在正文内插入链接、跳转到附件 SVG 的预览地址,作为伪装。) 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/10 12:0 a.m.66 views

Anymacro Mail System 6 /share.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/22 12:0 a.m.29 views

U-Mail邮件系统获取指定账户权限(任意用户明文密码查询)

简要描述: 可获取该系统指定用户权限,最近看发这套的人挺多的,不知道我这个你们觉得鸡肋不 详细说明: u-mail取回密码处设计不当,导致任意用户密码可越权查看,当update=s时,可查看任意账户密码 http://mail.xxx.com/webmail/[email protected]&update=s 直接查看指定邮箱账户密码 接下来想做什么都可以了。 谷歌: Powered by U-Mail 邮件服务器 官网Demo:...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/04/10 12:0 a.m.105 views

Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net

Author: yaoxi original source http://blog.wangzhan.360.cn/ Recently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named“heart bleed”vulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to htt...

5CVSS8AI score0.99999EPSS
Exploits88
myhack58
myhack58
added 2014/01/17 12:0 a.m.33 views

By the LFI caused by the Zimbra mail management system of 0day-vulnerability warning-the black bar safety net

Zimbra is a company with a lot of the mail system, may relate to many of the company's internal confidential, it is extremely important. This is a few days ago on exploit-db. com on the issue to the 0day to: it. By a local file inclusion vulnerability can be seen localconfig. xml content, and thi...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/08 12:0 a.m.32 views

Eyou Mail System Remote Code Execution

Hi! The Eyou Mail System have a Remote Code Execution in \inc\fuction.php.It affects version below 3.6. The Vulnerability fuction is getloginipconfigfile in \inc\fuction.php. function getloginipconfigfile$domain, $file $dir = '/var/eyou/Domain/'; $dirmail = exec'/var/eyou/sbin/hashid '.$domain;...

0.3AI score
Exploits0
myhack58
myhack58
added 2012/11/09 12:0 a.m.84 views

MagicMail Mike g & e-mail system XSS and absolute path vulnerability-vulnerability warning-the black bar safety net

This morning in the Black Box testing of the local education network of the time to find a mail system vulnerability Comprising a reflectiveXSS as well as the absolute path to the leak Looked at looks like all is linux. Keywords: Mike g & e-mail system by MagicMail ! You can see a lot of governme...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2012/04/02 12:0 a.m.22 views

Fedora Update for cyrus-imapd FEDORA-2011-13832

Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Fedora Update for cyrus-imapd FEDORA-2011-13832 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

7.5CVSS6.3AI score0.05365EPSS
Exploits0References2
Debian
Debian
added 2012/01/01 11:51 p.m.31 views

[SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update

--------------------------------------------------------------------------- Debian Security Advisory DSA-2377-1 [email protected] http://www.debian.org/security/ Nico Golde Jan 1st, 2012 http://www.debian.org/security/faq -...

4.3CVSS5.6AI score0.02142EPSS
Exploits0
OSV
OSV
added 2012/01/01 12:0 a.m.29 views

DSA-2377-1 cyrus-imapd-2.2 - denial of service

Bulletin has no description...

4.3CVSS5.9AI score0.02142EPSS
Exploits0
Fedora
Fedora
added 2011/10/16 12:57 a.m.30 views

[SECURITY] Fedora 16 Update: cyrus-imapd-2.4.12-1.fc16

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

7.5CVSS1AI score0.05365EPSS
Exploits0
Fedora
Fedora
added 2011/10/13 11:55 p.m.36 views

[SECURITY] Fedora 15 Update: cyrus-imapd-2.4.12-1.fc15

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

7.5CVSS1AI score0.05365EPSS
Exploits0
NVD
NVD
added 2011/06/29 5:55 p.m.26 views

CVE-2011-1334

Cross-site scripting XSS vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from...

4.3CVSS5.5AI score0.01223EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/24 10:21 a.m.5 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...

4.3CVSS6AI score0.01223EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2011/06/20 12:0 a.m.27 views

Fedora Update for cyrus-imapd FEDORA-2011-7217

Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Fedora Update for cyrus-imapd FEDORA-2011-7217 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

5.1CVSS6.3AI score0.03999EPSS
Exploits0References2
Fedora
Fedora
added 2011/06/11 4:34 a.m.42 views

[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

5.1CVSS0.9AI score0.03999EPSS
Exploits0
NVD
NVD
added 2011/06/09 2:38 a.m.17 views

CVE-2011-2468

Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...

5CVSS6.7AI score0.01895EPSS
Exploits0References4
Prion
Prion
added 2011/06/09 2:38 a.m.17 views

Directory traversal

Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...

5CVSS7.2AI score0.01895EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/06/07 7:0 p.m.50 views

CVE-2011-2468

CVE-2011-2468 describes a directory traversal vulnerability in the web interface of AnyMacro Mail System G4X. The issue allows remote attackers to read arbitrary files via directory traversal sequences in a request. Information across connected sources confirms the affected product and the vulner...

5CVSS6.9AI score0.01895EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/06/07 7:0 p.m.21 views

CVE-2011-2468

Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...

6.7AI score0.01895EPSS
Exploits0References4
Rows per page
Query Builder