145 matches found
mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover
A Cross-Site Request Forgery CSRF attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively...
CVE-2021-24013
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests...
CVE-2020-6317
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or...
[SECURITY] Fedora 33 Update: podman-2.1.1-10.fc33
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
CVE-2020-17382
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow 0x80102040, 0x80102044, 0x80102050,and 0x80102054. Recent assessments: bwatters-r7 at September 09, 2020 6:09pm UTC reported: This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user...
CVE-2019-17312
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...
CVE-2019-17311
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user...
CVE-2019-17305
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...
CVE-2019-17308
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...
CVE-2019-17305
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...
CVE-2019-17297
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...
CVE-2019-17297
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...
CVE-2019-17308
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...
CVE-2019-17296
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...
CVE-2019-17293
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...
CVE-2019-17296
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...
CVE-2019-17293
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...
CVE-2019-17294
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...
CVE-2019-17295
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user...
CVE-2019-17294
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...