15 matches found
Serendipity Security Vulnerability
Serendipity is a PHP-based blog system developed by the Serendipity team. This system supports the creation of online diaries, blogs, and web pages. Serendipity versions 2.6-beta2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the email sending feature not...
CVE-2005-3078
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature...
CVE-2022-48594
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats v0.9.6, which stems from a security issue with the email parameter in the Check Email feature. No details of the vulnerability are provided at this time...
CVE-2021-43981
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-43981 mySCADA myPRO
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
Verint Workforce Optimization (WFO) Injection Vulnerability
Verint Workforce Optimization is a unified suite of software and services for capturing interactions and managing employee performance across an enterprise or target area. A security vulnerability exists in Verint Workforce Optimization (WFO) version 15.2. An attacker could exploit the vulnerabilit...
CVE-2020-13480
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature...
CVE-2019-18453
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions...
CVE-2019-18453
CVE-2019-18453 affects GitLab Community and Enterprise Edition versions 11.6–12.4, in the add comments via email feature. The issue is caused by insecure permissions/improper access control on comments, allowing an attacker to comment when authenticated. Several sources (Red Hat, osv.dev, Debian ...
CVE-2019-18453
Removed by vendor...
PT-2019-12131 · Reolink · Reolink Rlc-422W +4
Name of the Vulnerable Software and Affected Versions: Reolink RLC-410W versions through 1.0.227; Reolink C1 Pro versions through 1.0.227; Reolink C2 Pro versions through 1.0.227; Reolink RLC-422W versions through 1.0.227; Reolink RLC-511W versions through 1.0.227. Description: The issue allows an...
Immunity Canvas: SUGARCRM_FILEUPLOAD
Name| sugarcrmfileupload
---|---
CVE| CVE-2009-2146
Exploit Pack| CANVAS
Description| sugarcrmfileupload
Notes| CVE Name: CVE-2009-2146 VENDOR: http://www.sugarcrm.com Notes: Tested on SugarCRM 5.2.0c. This exploit needs a valid username and password for SugarCRM to exploit as the vulnerability...
CVE-2004-2166
The print-from-email feature in the Canon ImageRUNNER iR 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25...