144 matches found
CVE-2023-27397
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
Path traversal
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
CVE-2023-27397
Vulnerability summary (CVE-2023-27397): MicroEngine Mailform (versions 1.1.0–1.1.8) suffers an unrestricted upload of a dangerous file type when the product’s file upload and server save options are enabled. This allows a remote attacker to save an arbitrary file on the server and execute it, le...
CVE-2023-27507
CVE-2023-27507 affects MicroEngine Mailform, versions 1.1.0 through 1.1.8. The root cause is a path traversal vulnerability in the file upload/server save logic, allowing a remote attacker to save arbitrary files on the server and execute them when the affected functions are enabled. Impact inclu...
CVE-2023-27507
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
PT-2023-21096 · Microengine · Microengine Mailform
Name of the Vulnerable Software and Affected Versions: MicroEngine Mailform versions 1.1.0 through 1.1.8 PostgreSQL affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types. If the file upload function and server save option are...
MicroEngine Mailform path traversal vulnerability
MicroEngine Mailform is a PHP mail form from MicroEngine Japan. A security vulnerability exists in MicroEngine Mailform versions 1.1.0 through 1.1.8, which stems from a path traversal vulnerability that could allow a remote attacker to save an arbitrary file on the server and execute it...
MicroEngine Mailform code issue vulnerability
MicroEngine Mailform is a PHP mail form from MicroEngine Japan. A security vulnerability exists in MicroEngine Mailform versions 1.1.0 through 1.1.8, which stems from an unrestricted upload of a dangerous type of file, and allows a remote attacker to save an arbitrary file on the server and execu...
PT-2023-21179 · Unknown · Microengine Mailform
Name of the Vulnerable Software and Affected Versions: MicroEngine Mailform versions 1.1.0 through 1.1.8 Description: The issue allows a remote attacker to save an arbitrary file on the server and execute it, given that the file upload function and server save option are enabled. This is due to a...
CVE-2023-27507
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
Multiple vulnerabilities in MicroEngine Mailform
Overview MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-27397 Path traversal CWE-22 - CVE-2023-27507 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. and hibiki moriyama of...
JVN#31701509: Multiple vulnerabilities in MicroEngine Mailform
MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-27397 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 3.7 CVSS v2|...
PT-2023-5393 · Tracker Software Products · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: The issue is related to a use-after-free flaw in the mailForm method of PDF-XChange Editor, which can be exploited to execute arbitrary code on affected installations. This...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
Input validation
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
CVE-2022-38400
CVE-2022-38400 affects Mailform Pro CGI 4.3.1 and earlier. The root cause is the Thanks module saving user input data for a short window (default 30 seconds), enabling a remote unauthenticated attacker to access a specially crafted URL and disclose user input data. Impact is information disclosur...
PT-2022-24408 · Unknown · Mailform Pro Cgi
Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions 4.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to obtain user input data by accessing a specially crafted URL. Recommendations: For Mailform Pro CGI versions 4.3.1 and earlier, at t...