34 matches found
CVE-2023-34207
Summary: CVE-2023-34207 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The issue is an unrestricted upload of file with dangerous type in the create template function, enabling remote authenticated users to run arbitrary system commands with NT Authority\SYSTEM privileges via a ...
EasyUse MailHunter Ultimate Code Issue Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a Dangerous Types of Files Unrestricted Uploads vulnerability that could allow an authenticated...
EasyUse MailHunter Ultimate SQL Injection Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a SQL injection vulnerability that allows an authenticated remote user to execute arbitrary SQL...
EasyUse MailHunter Ultimate Security Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2023 and prior versions, which stems from the exposure of sensitive system information to an unauthorized Control Sphere, allowing an authenticat...
EasyUse MailHunter Ultimate Path Traversal Vulnerability
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate 2023 and prior versions, which stems from the presence of a path traversal vulnerability that could allow an authenticated remote user to extract files t...
PT-2023-24739 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to obtain sensitive system information, specifically the absolute path, via an unencrypted VIEWSTATE parameter in the create templa...
PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...
PT-2023-24737 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to perform arbitrary system commands with ‘NT AuthoritySYSTEM‘ privilege via a crafted ZIP archive. This is due to an unrestricted...
CVE-2022-35223
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...
CVE-2022-35223
CVE-2022-35223 affects EasyUse MailHunter Ultimate via its cookie deserialization function. The root cause is inadequate validation during deserializing cookies containing a malicious payload, enabling an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or in...
CVE-2022-35223 EasyUse MailHunter Ultimate - Deserialization of Untrusted Data
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...
EasyUse MailHunter Ultimate 代码问题漏洞
EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2020 and prior versions, which stems from a failure to perform reasonable checks on its cookie deserialization feature causing an unprivileged,...
PT-2022-22641 · Unknown · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate affected versions not specified Description: The issue is related to an inadequate validation vulnerability in EasyUse MailHunter Ultimate's cookie deserialization function. Deserializing a cookie containing a...
CVE-2022-35223
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...