85 matches found
PT-2024-24304 · Unknown · Mailcleaner
Name of the Vulnerable Software and Affected Versions: MailCleaner versions up to 2023.03.14 Description: A vulnerability was found in the Log File Endpoint component, which can be exploited to lead to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to th...
Rapid7 MailCleaner Information Disclosure Vulnerability
Rapid7 MailCleaner is a set of penetration testing frameworks from the U.S. company Rapid7. The framework supports vulnerability validation and security assessment and so on. Rapid7 MailCleaner c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 Previous versions of NewslettersController.php file...
CVE-2019-1010246
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...
CVE-2019-1010246
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...
Information disclosure
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...
CVE-2019-1010246
CVE-2019-1010246 affects MailCleaner prior to c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9. The vulnerability is an unauthenticated disclosure of MySQL password information via the API call in the function allowAction() in NewslettersController.php, exploitable through an HTTP GET request. Impact is ...
CVE-2019-1010246
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...
CVE-2018-20323
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands...
CVE-2018-20323
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands...
Design/Logic Flaw
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands...
MailCleaner Authenticated Command Injection
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details The /admin/managetracing/search/search endpoint in MailCleaner Community Edition allo...
CVE-2018-20323
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands...
CVE-2018-20323
CVE-2018-20323 affects MailCleaner Community Edition 2018.08. The vulnerability is a command-injection in www/soap/application/MCSoap/Logs.php that allows an authenticated user to execute arbitrary OS commands on the web server when accessing the /admin/managetracing/search/search endpoint. Publi...
Mailcleaner Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
Mailcleaner - Authenticated Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the...
Mailcleaner Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...
Mailcleaner - Authenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...
Mailcleaner Remote Code Execution
This module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then...
MailCleaner CE Cross-Site Scripting Vulnerability
MailCleaner CE is an open source anti-spam gateway. The product is deployed between the mail infrastructure and the Internet and has features such as virus protection. A cross-site scripting vulnerability exists in the www/guis/admin/application/controllers/UserController.php file in the admin...