EUVD-2024-41209
Malicious code in bioql PyPI...
CVE-2025-48992
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whi...
CVE-2025-48992
Group-Office is affected by a stored and blind XSS in the Name field of user profiles for versions prior to 6.8.123 and prior to 25.0.27. The vulnerability allows an attacker to set their name to a JavaScript payload, which executes when the compromised user adds that attacker to Synchronization ...
CVE-2024-44786
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors...
CVE-2024-44786
CVE-2024-44786 concerns Meabilis CMS 1.0 with an improper access control flaw that lets an attacker access other users’ address books via unspecified vectors. Documented impact is high (CVSS 7.5), with no publicly provided remediation or patch version in the supplied materials. Exploitation detai...
CVE-2024-44786
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors...
PT-2024-31249 · Unknown · Meabilis Cms
Name of the Vulnerable Software and Affected Versions: Meabilis CMS version 1.0 Description: The issue allows attackers to bypass access controls and access other users' address books through unspecified vectors. Recommendations: For Meabilis CMS version 1.0, at the moment, there is no informatio...
CVE-2024-44786
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors...
CVE-2022-46783
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...
CVE-2022-46783
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...
Design/Logic Flaw
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...
Stormshield SSL VPN Client Encryption Issue Vulnerability
Stormshield SSL VPN Client is a VPN client from Stormshield. A security vulnerability exists in Stormshield SSL VPN Client versions prior to 3.2.0 that stems from allowing an attacker enough access to other encrypted address books...
PT-2023-15028 · Stormshield · Stormshield Ssl Vpn Client
Name of the Vulnerable Software and Affected Versions: Stormshield SSL VPN Client versions prior to 3.2.0 Description: An issue was discovered in the Stormshield SSL VPN Client. If multiple address books are used, an attacker may be able to access the other encrypted address book. Recommendations...
CVE-2022-46783
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...
Critical Bug in Android Antivirus Exposes Address Books
A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a critical vulnerability that exposes users' address books, and another serious flaw that enables attackers to turn off antivirus protection entirely. According to an...
ThreatList: Popular Apps Get Enterprise Blacklisted
Mobile apps on BYOD handhelds tend to keep enterprise security pros worried. Between apps that are malicious, others that leak data and ones with pushy permissions – it’s hard to determine what’s safe and what might violate company rules. On Wednesday, Appthority released its annual list of the...
Fedora 25 : php-horde-turba (2017-449b22158f)
turba 4.2.20 - jan SECURITY: Fix open redirects. - jan Fix creating address books with the external API. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
Canon IR-ADV Password Extractor
An authentication bypass vulnerability exists in Canon IR-ADV. A remote attacker can exploit this vulnerability by extracting the passwords from address books on various Canon IR-Adv mfp devices...
[SECURITY] Fedora Core 5 Update: squirrelmail-1.4.8-3.fc5
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no Javascript for maximum compatibility across browsers. It has very few requirements and is very easy to configure...
CVE-2006-6286
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists) of other users via unspecified vectors. NOTE: The provenance of this information is unknown...