5 matches found
CVE-2021-20617
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...
acmailer CGI and acmailer DB vulnerable to OS command injection
Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...
VulnCheck KEV: CVE-2021-20617
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...
CVE-2021-20618
Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors...
PT-2021-14078
Name of the Vulnerable Software and Affected Versions: acmailer versions 4.0.1 and earlier acmailer DB versions 1.1.3 and earlier Description: The issue allows remote attackers to execute an arbitrary OS command or gain administrative privilege, potentially resulting in the obtaining of sensitive...