19 matches found
EUVD-2023-32371
Malicious code in bioql PyPI...
EUVD-2023-32369
Malicious code in bioql PyPI...
EUVD-2023-32370
Malicious code in bioql PyPI...
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plug...
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting XSS in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting XSS in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plug...
Cross site scripting
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting XSS in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
Path traversal
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plug...
Unrestricted file upload
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting XSS in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28733
AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0 are affected by a stored XSS in templates and emails of AcyMailing. The vulnerability is exploitable without authentication when access to the campaign creation on the front office is granted. The root cause is a stored cross-site script...
CVE-2023-28732
CVE-2023-28732 concerns the AcyMailing/Joomla plugin: a missing access control vulnerability in the AnyMailing Joomla Plugin allows an attacker with front-office campaign-creation access to list and read files containing sensitive data and perform path traversal to access system files. Affected p...
CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28731
CVE-2023-28731 concerns AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0, where an unauthenticated remote code execution is possible due to unrestricted file upload when campaign creation access is granted on the front-office. The underlying issue is unvalidated uploads allowing PHP co...
PT-2023-21925 · Joomla · Anymailing Joomla Plugin
Name of the Vulnerable Software and Affected Versions: AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0
Description: The issue is related to unauthenticated remote code execution when access to campaign creation is granted on the front-office, due to unrestricted file upload allowing P...
PT-2023-21926 · Joomla · Anymailing Joomla Plugin
Name of the Vulnerable Software and Affected Versions: AnyMailing Joomla Plugin versions prior to 8.3.0
Description: The issue is related to missing access control in the AnyMailing Joomla Plugin, allowing unauthorized access to sensitive information and system files via path traversal. This occu...