66 matches found
EUVD-2018-7387
Malware in sbrugna...
EUVD-2018-7388
Malware in sbrugna...
EUVD-2018-7390
Malware in sbrugna...
EUVD-2018-7389
Malware in sbrugna...
EUVD-2018-18313
Malware in sbrugna...
EUVD-2024-25230
Malicious code in bioql PyPI...
EUVD-2024-25231
Malicious code in bioql PyPI...
CVE-2024-28063
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
CVE-2024-28064
Kiteworks Totemomail 7.x–8.2.1 is vulnerable to directory traversal via the /responsiveUI/EnvelopeOpenServlet endpoint using the messageId parameter, enabling unauthenticated read, delete, and write operations. Root cause involves directory traversal in the EnvelopeOpenServlet handling of message...
CVE-2024-28063
Kiteworks Totemomail up to version 7.0.0 is affected by a reflected XSS vulnerability in the /responsiveUI/EnvelopeOpenServlet endpoint via the envelopeRecipient parameter. This is corroborated by multiple sources in the connected set, including PT-2024-22244, which details the endpoint and param...
PT-2024-22244 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions through 7.0.0
Description: The issue allows for reflected XSS through the /responsiveUI/EnvelopeOpenServlet endpoint, specifically targeting the envelopeRecipient parameter. This enables potential attackers to...
PT-2024-22245 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions 7.x through 8.2.1
Description: The issue allows for directory traversal, enabling unauthenticated file read and delete operations, as well as write operations, through the /responsiveUI/EnvelopeOpenServlet...
Totemo totemomail read/write access vulnerability
Totemo totemomail is an email encryption solution from the Swiss company Totemo. A security vulnerability exists in Totemo totemomail version 7.0.0. The vulnerability can be exploited by a remote attacker via enumeration to read and modify mail folders...
CVE-2020-7918
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...