134 matches found
CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959
CVE-2024-41959 affects mailcow: dockerized. An unauthenticated attacker can inject a JavaScript payload into the API logs, which is executed when the API logs page is viewed. This can enable malicious scripts to run in the user’s browser, potentially leading to unauthorized actions and data theft...
CVE-2024-41958
CVE-2024-41958 affects mailcow: dockerized. An authenticated attacker who has access to a user account and knows a target account’s credentials (with 2FA enabled) can bypass the 2FA protection and access the protected account. Affected: mailcow: dockerized (versions prior to 2024-07). Root cause:...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
PT-2024-5830 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07 Description: A vulnerability has been discovered in the two-factor authentication 2FA mechanism of mailcow: dockerized, an open source groupware/email suite based on docker. This flaw allows an...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2024-31204
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEVMODE. The system saves...
CVE-2024-31204 mailcow Cross-site Scripting Vulnerability via Exception Handler
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEVMODE. The system saves...
CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2024-30270
The CVE-2024-30270 entry pertains to mailcow: dockerized prior to the 2024-04 release. A vulnerability combines path traversal and arbitrary code execution targeting the rspamd_maps() function, allowing an authenticated admin to overwrite any file writable by the www-data user due to improper pat...
CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
PT-2024-5037 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow:dockerized versions prior to 2024-04 Description: The issue is related to the rspamd maps function and involves improper path validation, allowing for path traversal and arbitrary code execution. This can enable an authenticated admin...
mailcow 安全漏洞
mailcow is a mail server suite. A security vulnerability exists in versions prior to mailcow-dockerized 2024-04 that stems from the presence of a cross-site scripting XSS vulnerability...
CVE-2024-24760
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...