Lucene search
K

79 matches found

nessus
nessus
added 2020/04/10 12:0 a.m.37 views

CentOS 7 : mailman (RHSA-2020:1054)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1054 advisory. - Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via...

6.5CVSS6.5AI score0.02541EPSS
Exploits0References3
redhat
redhat
added 2020/03/31 8:58 p.m.8 views

mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS5.8AI score0.02541EPSS
Exploits0References4
nvd
nvd
added 2019/12/27 5:15 p.m.29 views

CVE-2013-4763

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission...

4.6CVSS4.9AI score0.00353EPSS
Exploits0References2
nvd
nvd
added 2019/07/01 8:15 p.m.22 views

CVE-2019-3962

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the...

4.3CVSS4.6AI score0.00954EPSS
Exploits0References2
prion
prion
added 2019/07/01 8:15 p.m.20 views

Code injection

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the...

4.3CVSS4.2AI score0.00954EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/04/26 5:29 p.m.21 views

CVE-2019-9807

When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox 66...

4.3CVSS4.3AI score0.00791EPSS
Exploits1References2
debiancve
debiancve
added 2019/04/26 4:10 p.m.30 views

CVE-2019-9807

When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox 66...

4.3CVSS7.3AI score0.00791EPSS
Exploits1
nvd
nvd
added 2019/02/07 9:29 p.m.26 views

CVE-2019-1680

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS4.8AI score0.01412EPSS
Exploits0References2
prion
prion
added 2019/02/07 9:29 p.m.18 views

Input validation

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS4.9AI score0.01412EPSS
Exploits0References2Affected Software2
vulnrichment
vulnrichment
added 2019/02/07 9:0 p.m.8 views

CVE-2019-1680 Cisco Webex Business Suite Content Injection Vulnerability

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS7.1AI score0.01412EPSS
Exploits0References2
cvelist
cvelist
added 2019/02/07 9:0 p.m.27 views

CVE-2019-1680 Cisco Webex Business Suite Content Injection Vulnerability

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS4.9AI score0.01412EPSS
Exploits0References2
osv
osv
added 2019/01/04 10:3 a.m.7 views

SUSE-SU-2019:13924-1 Security update for mailman

This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal vulnerability in MTA...

8.8CVSS6.6AI score0.07964EPSS
Exploits4References11
nessus
nessus
added 2018/12/31 12:0 a.m.24 views

SUSE SLES12 Security Update : mailman (SUSE-SU-2018:4296-1)

This update for mailman fixes the following security vulnerabilities : Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 Fixed a directory traversal...

8.8CVSS6.5AI score0.07964EPSS
Exploits4References16
osv
osv
added 2018/12/28 5:38 p.m.7 views

SUSE-SU-2018:4296-1 Security update for mailman

This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal...

8.8CVSS6.7AI score0.07964EPSS
Exploits4References11
osv
osv
added 2018/09/21 4:26 p.m.8 views

MGASA-2018-0383 Updated mailman packages fix security vulnerability

Updated mailman package fixes security vulnerability: It was discovered that mailman prior to 2.1.29 mishandled URLs in Utils.py:GetPathPieces which allowed attackers to display arbitrary text on trusted sites CVE-2018-13796...

6.5CVSS6.7AI score0.02541EPSS
Exploits0References3
osv
osv
added 2018/09/11 6:57 p.m.22 views

GHSA-XQVG-XM9M-P2C4 Moderate severity vulnerability that affects mailman

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS6.4AI score0.02541EPSS
Exploits0References7
redhatcve
redhatcve
added 2018/07/27 2:18 a.m.24 views

CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS1.8AI score0.02541EPSS
Exploits0References2
cnvd
cnvd
added 2018/07/17 12:0 a.m.2 views

Mailman Design Vulnerability

Mailman is a shareware program developed by Python, using which you can manage mailing lists. A security vulnerability exists in Mailman versions prior to 2.1.28, where an attacker can cause arbitrary text to be displayed on a web page at a trusted site using a carefully crafted URL...

6.5CVSS6.6AI score0.02541EPSS
Exploits0References1
osv
osv
added 2018/07/12 6:29 p.m.4 views

UBUNTU-CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS6.7AI score0.02541EPSS
Exploits0References5
osv
osv
added 2018/07/12 6:29 p.m.4 views

CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS5.9AI score0.02541EPSS
Exploits0References5
Rows per page
Query Builder