CVE-2012-0812

PostfixAdmin 2.3.4 is affected by multiple XSS vulnerabilities due to insufficient input validation in the web interface. Impact stated as client-side code execution possibilities; exploitation details are not provided in the supplied documents. A remediation exists: upgrade to PostfixAdmin 2.3.5...

CVE-2012-0812

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...

Postfixadmin Protected Alias Deletion Vulnerability

Postfixadmin installations between 2.91 and 3.0.1 do not check if an admin is allowed to delete protected aliases. This vulnerability can be used to redirect protected aliases to an other mail address. Eg. rewrite the postmaster@domain alias This module requires Metasploit:...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

DEBIAN-CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

ALPINE-CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

Design/Logic Flaw

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

UBUNTU-CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The CVE-2017-5930 issue affects PostfixAdmin's AliasHandler. The AliasHandler component before 3.0.2 permits remote authenticated domain admins to delete protected aliases via delete.php due to a missing permission check, enabling unintended alias deletion. Public sources confirm the fix is to up...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

openSUSE Security Update : postfixadmin (openSUSE-2017-261)

postfixadmin was updated to 3.0.2 to fix the following issues : - PostfixAdmin 3.0.2 : - SECURITY: don't allow to delete protected aliases CVE-2017-5930, boo1024211 - fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performan...

PostfixAdmin Session Management Security Bypass Vulnerability

PostfixAdmin is a web-based administration tool for Postfix mail delivery servers. A security bypass vulnerability exists in PostfixAdmin. An attacker could use this vulnerability to bypass security restrictions to obtain sensitive information or perform unauthorized operations to launch further...

FreeBSD : postfixadmin -- SQL injection vulnerability (ff98087f-0a8f-11e4-b00b-5453ed2e2b49)

Thijs Kinkhorst reports : Postfixadmin has a SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

openSUSE Security Update : postfixadmin (openSUSE-2012-86)

update to PostfixAdmin 2.3.5 security release - fixes some SQL injections CVE-2012-0811 - fixes some XSS vulnerabilities CVE-2012-0812 - see CHANGELOG.TXT or bnc741455 for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : PostfixAdmin (openSUSE-SU-2014:0715-1)

Update PostfixAdmin to 2.3.7 : - fix a SQL injection in list-virtual.php CVE-2014-2655, bnc870434 - add support for new longer TLDs like .international - fix various small bugs - translation updates for lt and da - vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22 you...