84 matches found
OPSWAT Metadefender Core 4.21.1 Privilege Escalation
Exploit Title: OPSWAT Metadefender Core - Privilege Escalation Date: 24 October 2022 Exploit Author: Ulascan Yildirim Vendor Homepage: https://www.opswat.com/ Version: Metadefender Core 4.21.1 Tested on: Windows / Linux CVE : CVE-2022-32272...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
Cross site scripting
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
CVE-2022-40778
CVE-2022-40778 affects OPSWAT MetaDefender ICAP Server prior to 4.13.0. The vulnerability is a stored XSS caused by the blocked page response, allowing an attacker to execute arbitrary JavaScript or HTML. Connected sources confirm the affected product/version and the XSS impact. The entry does no...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
PT-2022-25536 · Opswat · Opswat Metadefender Icap Server
Name of the Vulnerable Software and Affected Versions: OPSWAT MetaDefender ICAP Server versions prior to 4.13.0 Description: A stored Cross-Site Scripting XSS issue allows attackers to execute arbitrary JavaScript or HTML due to the blocked page response. This enables attackers to potentially...
CVE-2022-32272
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation...
Privilege escalation
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation...
CVE-2022-32272
CVE-2022-32272 affects OPSWAT MetaDefender Core prior to 5.1.2, MetaDefender ICAP prior to 4.12.1, and MetaDefender Email Gateway Security prior to 5.6.1. The issue is due to incorrect access control, enabling privilege escalation. The Red Hat advisory and related sources confirm the same affecte...
CVE-2022-32273
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...
CVE-2022-32273
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...
CVE-2022-32273
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...
CVE-2022-32273
OPSWAT MetaDefender Core (MDCore) prior to version 5.1.2 is affected. An observable discrepancy in returned messages can allow an authenticated user to enumerate filenames on the server, exposing directory/file names. The vulnerability is tied to the MDCore component and requires authentication. ...
CVE-2022-32273
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...
OPSWAT MetaDefender Core 安全漏洞
OPSWAT MetaDefender Core OPSWAT MDCore is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in OPSWAT MetaDefender Core versions...
CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection...
CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection...
Input validation
OPSWAT MetaDefender before v4.11.2 allows CSV injection...