20 matches found
CVE-2026-4846
The CVE-2026-4846 issue affects dameng100 muucmf 1.9.5.20260309 . The vulnerability resides in an unknown function within the file channel/admin.Account/autoReply.html , where manipulation of the argument keyword enables a cross-site scripting (XSS) condition. It is remotely exploitable , with th...
EUVD-2020-6194
Malware in sbrugna...
CVE-2023-41159
A Stored Cross-Site Scripting XSS vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually...
CVE-2023-41159
A Stored Cross-Site Scripting XSS vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually...
Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Usermin version 2.001, which arises from a security issue when editing the autoreply file page and allows remote...
Lark Technologies: Able to steal private files by manipulating response using Auto Reply function of Lark
A IDOR Insecure Direct Object Reference vulnerability was found within the "AutoReply" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID which was an alphanumeric value. We thank @imrannisar for reporting...
CVE-2020-14028
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...
CVE-2020-14028
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...
Path traversal
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...
CVE-2020-14028
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...
CentOS Web Panel SQL Injection Vulnerability (CNVD-2020-44590)
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxmailautoreply.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates from the program not properly validating a user-supplied string. An attacker could exploit this...
CentOS Web Panel SQL Injection Vulnerability (CNVD-2020-44588)
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxmailautoreply.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates from the program not properly validating a user-supplied string. An attacker could exploit this...
CentOS Web Panel SQL Injection Vulnerability (CNVD-2020-43613)
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxmailautoreply.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates from the program not properly validating a user-supplied string. An attacker could exploit this...
CVE-2020-15628
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the user parameter, the...
CVE-2020-15621
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...
CVE-2020-15627
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the account parameter, th...
CVE-2020-15622
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the search parameter, the...
PT-2020-14551 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax mail autoreply.php file,...
PT-2020-14544 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mail...
PT-2020-14550 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mail...