Lucene search
K

109 matches found

CVE
CVE
added 2021/01/26 9:2 p.m.74 views

CVE-2020-23774

The CVE-2020-23774 entry concerns a reflected XSS in Winmail 6.5, specifically in tohtml/convert.php. The underlying issue is the ability to cause JavaScript execution via user-controlled input reflected in the response. Evidence from connected records confirms the affected software/component and...

6.1CVSS6AI score0.00605EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/01/26 9:2 p.m.22 views

CVE-2020-23774

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...

6.1AI score0.00605EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.8 views

Winmail Code Issue Vulnerability

Winmail is a server-side application used to provide email services by Suzhou Huazhao Technology Winmail Company in China. A code issue vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to cause the server to send requests to a specific URL...

7.5CVSS7.2AI score0.00786EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.9 views

Winmail Cross-Site Scripting Vulnerability

Winmail is a server-side application used to provide mail services by Suzhou Huazhao Technology Winmail Company in China. A cross-site scripting vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to steal sensitive information...

6.1CVSS6.2AI score0.00605EPSS
Exploits1References2
OSV
OSV
added 2019/11/11 4:15 a.m.2 views

UBUNTU-CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...

5.5CVSS6.8AI score0.01203EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2019/11/11 12:0 a.m.2 views

PT-2019-15699 · Tnef +2 · Tnef +2

Name of the Vulnerable Software and Affected Versions: tnef versions prior to 1.4.18 Description: The issue allows an attacker to potentially write to the victim's .ssh/authorized keys file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based...

5.5CVSS7.7AI score0.01203EPSS
Exploits1References30
OpenVAS
OpenVAS
added 2018/09/19 12:0 a.m.11 views

Winmail Server Detection (HTTP)

Detection of Winmail Server Webmail. The script sends a connection HTTP based request to the server and attempts to detect Winmail Server Webmail and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/09/19 12:0 a.m.25 views

Winmail Server < 6.3 Directory Traversal Vulnerability

Winmail Server allows remote code execution RCE by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might...

8.8CVSS9AI score0.0333EPSS
Exploits1References2
CNVD
CNVD
added 2018/01/16 12:0 a.m.4 views

AMAX Winmail Server Remote Code Execution Vulnerability

AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server 6.2 and earlier versions. A remote attacker can exploit t...

8.8CVSS7.2AI score0.0333EPSS
Exploits1References1
NVD
NVD
added 2018/01/14 8:29 p.m.17 views

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

8.8CVSS8.9AI score0.0333EPSS
Exploits1References1
Prion
Prion
added 2018/01/14 8:29 p.m.18 views

Directory traversal

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

6.5CVSS8.8AI score0.0333EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/01/14 8:29 p.m.5 views

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

8.8CVSS6.3AI score0.0333EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/01/14 8:0 p.m.23 views

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

9AI score0.0333EPSS
Exploits1References1
CVE
CVE
added 2018/01/14 8:0 p.m.48 views

CVE-2018-5700

Winmail Server (versions up to 6.2) is affected by CVE-2018-5700 through a directory traversal in netdisk.php (copy_folder_file) that allows authenticated users to move a PHP file from the FTP folder into a web folder, enabling remote code execution. OpenVAS notes a vulnerability in Winmail Server

8.8CVSS8.9AI score0.0333EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/06/30 12:0 a.m.3 views

AMAX Winmail Server Code Execution Vulnerability

AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server version 6.1. A remote attacker can exploit the...

8.8CVSS7.3AI score0.0275EPSS
Exploits0References1
OSV
OSV
added 2017/06/24 5:29 p.m.2 views

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

8.8CVSS6.3AI score0.0275EPSS
Exploits0References2
Prion
Prion
added 2017/06/24 5:29 p.m.9 views

Directory traversal

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

6.5CVSS7.9AI score0.0275EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/06/24 5:29 p.m.14 views

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

8.8CVSS8.9AI score0.0275EPSS
Exploits0References2
CVE
CVE
added 2017/06/24 5:0 p.m.39 views

CVE-2017-9846

CVE-2017-9846 affects Winmail Server 6.1. Affected component: netdisk.php in the web folder. Root cause: directory traversal allows an authenticated user to move a PHP file from the FTP folder into the web folder, enabling remote code execution. Documents show multiple references (NVD entry, CNVD...

8.8CVSS8.8AI score0.0275EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/06/24 5:0 p.m.18 views

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

8.9AI score0.0275EPSS
Exploits0References2
Rows per page
Query Builder