26 matches found
CVE-2025-55043
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
EUVD-2025-84365
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7632 Stored XSS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7632 Stored XSS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...
CVE-2025-7632
The CVE-2025-7632 entry relates to ZOHO ManageEngine Exchange Reporter Plus (web-based reporting tool). A stored cross-site scripting (XSS) flaw exists in the Public Folders report for versions 5723 and below, enabling scripts to be stored and potentially executed when other users access the affe...
ZOHO ManageEngine Exchange reporter Plus 安全漏洞
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...
PT-2025-46319
Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below Description The software is susceptible to a Stored Cross-Site Scripting XSS issue within the Public Folders report functionality. This allows for the injection of malicious...
EUVD-2022-45213
Malicious code in bioql PyPI...
Unauthorized Source Code Disclosure
astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
Design/Logic Flaw
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2022-42136
CVE-2022-42136 affects MailEnable on Windows. Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had access, enabling an attacker to store arbitrary code on those files and execute Remote Code Execution (RCE). The ...
PT-2023-14065 · Mailenable · Mailenable
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows authenticated mail users, under specific circumstances, to add files with unsanitized content in public folders where the IIS user had...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...