109 matches found
CVE-2020-23774
The CVE-2020-23774 entry concerns a reflected XSS in Winmail 6.5, specifically in tohtml/convert.php. The underlying issue is the ability to cause JavaScript execution via user-controlled input reflected in the response. Evidence from connected records confirms the affected software/component and...
CVE-2020-23774
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...
Winmail Code Issue Vulnerability
Winmail is a server-side application used to provide email services by Suzhou Huazhao Technology Winmail Company in China. A code issue vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to cause the server to send requests to a specific URL...
Winmail Cross-Site Scripting Vulnerability
Winmail is a server-side application used to provide mail services by Suzhou Huazhao Technology Winmail Company in China. A cross-site scripting vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to steal sensitive information...
UBUNTU-CVE-2019-18849
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...
PT-2019-15699 · Tnef +2 · Tnef +2
Name of the Vulnerable Software and Affected Versions: tnef versions prior to 1.4.18 Description: The issue allows an attacker to potentially write to the victim's .ssh/authorized keys file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based...
Winmail Server Detection (HTTP)
Detection of Winmail Server Webmail. The script sends a connection HTTP based request to the server and attempts to detect Winmail Server Webmail and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
Winmail Server < 6.3 Directory Traversal Vulnerability
Winmail Server allows remote code execution RCE by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might...
AMAX Winmail Server Remote Code Execution Vulnerability
AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server 6.2 and earlier versions. A remote attacker can exploit t...
CVE-2018-5700
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...
Directory traversal
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...
CVE-2018-5700
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...
CVE-2018-5700
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...
CVE-2018-5700
Winmail Server (versions up to 6.2) is affected by CVE-2018-5700 through a directory traversal in netdisk.php (copy_folder_file) that allows authenticated users to move a PHP file from the FTP folder into a web folder, enabling remote code execution. OpenVAS notes a vulnerability in Winmail Server
AMAX Winmail Server Code Execution Vulnerability
AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server version 6.1. A remote attacker can exploit the...
CVE-2017-9846
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...
Directory traversal
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...
CVE-2017-9846
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...
CVE-2017-9846
CVE-2017-9846 affects Winmail Server 6.1. Affected component: netdisk.php in the web folder. Root cause: directory traversal allows an authenticated user to move a PHP file from the FTP folder into the web folder, enabling remote code execution. Documents show multiple references (NVD entry, CNVD...
CVE-2017-9846
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...