Lucene search
+L

489 matches found

Atlassian
Atlassian
added 2013/09/20 5:8 p.m.21 views

doremovespacemail action can be called by non-admins

The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...

1.3AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2012/09/11 4:49 p.m.39 views

Plugx RAT targeting government organizations in Japan using spear phishing

Roland Dela Paz Threat Researcher at TrendMirco reported that last year a Malware Campaign to target specific users in Japan, China, and Taiwan once again on rise using new breed of Remote Access Tool RAT called Plugx also known as Korplug. This new custom made version comes for less recognition...

9.3CVSS8.3AI score0.82485EPSS
Exploits13
NVD
NVD
added 2007/07/06 7:30 p.m.22 views

CVE-2006-7219

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft...

4CVSS6.3AI score0.00982EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/01/31 12:0 a.m.36 views

unalz archiver buffer overflow

Buffer overflow on oversized archived file name...

4.7AI score
Exploits0References2Affected Software1
NVD
NVD
added 2005/08/17 4:0 a.m.23 views

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

4.3CVSS6.2AI score0.01164EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/08/17 4:0 a.m.35 views

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

6.2AI score0.01164EPSS
Exploits0References3
securityvulns
securityvulns
added 2003/09/06 12:0 a.m.30 views

wu-ftpd shell characters problem

During tar execution for archived files receiving '-' sign is not commented...

4.6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2002/08/12 4:0 a.m.24 views

CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

7.5CVSS6.7AI score0.02515EPSS
Exploits0References5
OSV
OSV
added 2002/08/12 4:0 a.m.4 views

DEBIAN-CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

7.5CVSS7.2AI score0.02515EPSS
Exploits0References1
Rows per page
Query Builder