197 matches found
EUVD-2011-4669
Malware in sbrugna...
EUVD-2008-0879
Malware in sbrugna...
EUVD-2021-19090
Malware in sbrugna...
EUVD-2022-29277
Malicious code in bioql PyPI...
EUVD-2022-29278
Malicious code in bioql PyPI...
CVE-2023-48116
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
CVE-2023-48115
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2023-48116
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
CVE-2023-48115
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request...
Cross site scripting
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
Cross site scripting
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request...
SmarterTools SmarterMail Security Breach
SmarterTools SmarterMail is a set of mail server software from SmarterTools. The software supports spam filtering, statistics, Simple Mail Transfer Protocol SMTP authentication, and other features. A security vulnerability exists in SmarterTools SmarterMail versions 8495 through 8664, which stems...
CVE-2023-48115
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request...
CVE-2023-48115
SmarterMail 8495–8664 before 8747 is vulnerable to stored DOM XSS caused by an XSS protection mechanism being skipped when messageHTML and messagePlainText are set in the same request. Exploitation details are not provided in the documents, but the approved remediation is to upgrade to 8747 or la...
CVE-2023-48116
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
CVE-2023-48116
CVE-2023-48116 affects SmarterTools SmarterMail 8495–8664; a crafted Calendar appointment description enables stored XSS. Root cause: input in calendar descriptions not properly sanitized, allowing script execution within the web client. Impact is stored XSS as described; exploitation details are...
CVE-2023-48114
CVE-2023-48114 affects SmarterTools SmarterMail 8495–8664, before 8747. A stored XSS flaw arises from handling image/svg+xml and uploaded SVGs, where the app permits youtube.com variants including an @ attacker-controlled domain name. Impact is stored XSS in web context via SVG upload; no exploit...
Metasploit Weekly Wrap-Up
Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
This module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers use exploit/windows/http/smartermailrce msf exploitsmartermailr...