204 matches found
OESA-2026-2355 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
[SECURITY] [DLA 4503-1] evolution-data-server security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 19, 2026 https://wiki.debian.org/LTS -...
Amazon Linux 2 : evolution-data-server, --advisory ALAS2-2026-3179 (ALAS-2026-3179)
The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3179 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used ...
Amazon Linux 2023 : evolution-data-server, evolution-data-server-devel, evolution-data-server-langpacks (ALAS2023-2026-1451)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1451 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service...
CVE-2020-37083
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2020-37083 addressbook 9.0.0.1 - 'id' SQL Injection
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2020-37083
CVE-2020-37083 affects PHP AddressBook 9.0.0.1, where a time-based blind SQL injection is possible through the id parameter in photo.php. The underlying issue is a vulnerable SQL query that allows remote attackers to inject statements and cause time delays to deduce information. The documents spe...
CVE-2020-37083 addressbook 9.0.0.1 - 'id' SQL Injection
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2020-37083
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2025-34399
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a...
CVE-2025-34398
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a...
CVE-2025-34401
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a...
CVE-2025-34402
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a...
CVE-2025-34401
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...
CVE-2025-34402
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...
CVE-2025-34399
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...
CVE-2025-34400
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...
CVE-2025-34401
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...
CVE-2025-34399
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...
CVE-2025-34403
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...