EUVD-2023-38307
Malicious code in bioql PyPI...
CVE-2023-34209
Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via an unencrypted VIEWSTATE parameter...
CVE-2023-34208
Path Traversal in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive...
CVE-2023-34210
CVE-2023-34210 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The vulnerability is an SQL injection in the create customer group function via the ctl00$ContentPlaceHolder1$txtCustSQL parameter, exploitable by remote authenticated users to execute arbitrary SQL commands. Public d...
CVE-2023-34210 SQL Injection in EasyUse MailHunter Ultimate
SQL Injection in the create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter...
CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate
Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via an unencrypted VIEWSTATE parameter...
CVE-2023-34209
CVE-2023-34209 affects EasyUse MailHunter Ultimate (2023 and earlier). A flaw in the create template function allows remote authenticated users to view the absolute path by an unencrypted VIEWSTATE parameter. The issue exposes sensitive system information to an unauthorized control sphere, with i...
CVE-2023-34208 Path Traversal in EasyUse MailHunter Ultimate
Path Traversal in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive...
CVE-2023-34208
The CVE-2023-34208 entry concerns a path traversal vulnerability in the create template function of EasyUse MailHunter Ultimate (versions 2023 and earlier). A crafted ZIP archive could let an authenticated remote user extract files to arbitrary directories, exposing sensitive data (impact to conf...
CVE-2023-34207
Summary: CVE-2023-34207 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The issue is an unrestricted upload of file with dangerous type in the create template function, enabling remote authenticated users to run arbitrary system commands with NT Authority\SYSTEM privileges via a ...
EasyUse MailHunter Ultimate Path Traversal Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a path traversal vulnerability that could allow an authenticated remote user to extract files t...
EasyUse MailHunter Ultimate Security Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2023 and prior versions, which stems from the exposure of sensitive system information to an unauthorized Control Sphere, allowing an authenticat...
PT-2023-24737 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to perform arbitrary system commands with 'NT Authority\SYSTEM' privilege via a crafted ZIP archive. This is due to an unrestricted...
PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...
CVE-2022-35223
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...
CVE-2022-35223
CVE-2022-35223 affects EasyUse MailHunter Ultimate via its cookie deserialization function. The root cause is inadequate validation when deserializing cookies containing a malicious payload, enabling an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or in...
CVE-2022-35223 EasyUse MailHunter Ultimate - Deserialization of Untrusted Data
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...
EasyUse MailHunter Ultimate Code Issue Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2020 and prior versions, which stems from a failure to perform reasonable checks on its cookie deserialization feature causing an unprivileged,...
PT-2022-22641 · Unknown · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate affected versions not specified Description: The issue is related to an inadequate validation vulnerability in EasyUse MailHunter Ultimate's cookie deserialization function. Deserializing a cookie containing a...