Lucene search
K

34 matches found

CVE
CVE
added 2023/10/17 3:35 a.m.63 views

CVE-2023-34207

Summary: CVE-2023-34207 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The issue is an unrestricted upload of file with dangerous type in the create template function, enabling remote authenticated users to run arbitrary system commands with NT Authority\SYSTEM privileges via a ...

9.9CVSS8.8AI score0.00645EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.4 views

EasyUse MailHunter Ultimate Code Issue Vulnerability

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a Dangerous Types of Files Unrestricted Uploads vulnerability that could allow an authenticated...

9.9CVSS7.3AI score0.00645EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.3 views

EasyUse MailHunter Ultimate SQL Injection Vulnerability

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a SQL injection vulnerability that allows an authenticated remote user to execute arbitrary SQL...

8.8CVSS8.4AI score0.00582EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.4 views

EasyUse MailHunter Ultimate Security Vulnerability

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2023 and prior versions, which stems from the exposure of sensitive system information to an unauthorized Control Sphere, allowing an authenticat...

5CVSS6.5AI score0.00429EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.6 views

EasyUse MailHunter Ultimate Path Traversal Vulnerability

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a path traversal vulnerability that could allow an authenticated remote user to extract files t...

6.5CVSS6.8AI score0.00638EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.4 views

PT-2023-24739 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to obtain sensitive system information, specifically the absolute path, via an unencrypted VIEWSTATE parameter in the create templa...

5CVSS4.3AI score0.00429EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.7 views

PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...

8.8CVSS8.8AI score0.00582EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.9 views

PT-2023-24737 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to perform arbitrary system commands with ‘NT AuthoritySYSTEM‘ privilege via a crafted ZIP archive. This is due to an unrestricted...

9.9CVSS8.3AI score0.00645EPSS
Exploits0References5
NVD
NVD
added 2022/08/02 4:15 p.m.21 views

CVE-2022-35223

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

9.8CVSS0.01265EPSS
Exploits0References2
CVE
CVE
added 2022/08/02 3:21 p.m.65 views

CVE-2022-35223

CVE-2022-35223 affects EasyUse MailHunter Ultimate via its cookie deserialization function. The root cause is inadequate validation during deserializing cookies containing a malicious payload, enabling an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or in...

9.8CVSS10AI score0.01265EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/02 3:21 p.m.24 views

CVE-2022-35223 EasyUse MailHunter Ultimate - Deserialization of Untrusted Data

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

9.8CVSS10AI score0.01265EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.4 views

EasyUse MailHunter Ultimate 代码问题漏洞

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2020 and prior versions, which stems from a failure to perform reasonable checks on its cookie deserialization feature causing an unprivileged,...

9.8CVSS8.8AI score0.01265EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.5 views

PT-2022-22641 · Unknown · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate affected versions not specified Description: The issue is related to an inadequate validation vulnerability in EasyUse MailHunter Ultimate's cookie deserialization function. Deserializing a cookie containing a...

9.8CVSS9.6AI score0.01265EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/07/29 6:48 a.m.2 views

CVE-2022-35223

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

9.8CVSS6.1AI score0.01265EPSS
Exploits0References3
Rows per page
Query Builder