35 matches found
GHSA-QJXF-6PR8-J87V Plone's authenticated users able to alter their password despite of policy definition
mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...
CVE-2021-25957
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...
CVE-2021-30140
CVE-2021-30140 affects LiquidFiles 3.4.15, which contains a stored cross-site scripting (XSS) vulnerability in the "+send email" feature when sending a file to an administrator. If the attached file has no extension and contains malicious HTML/JavaScript content (e.g., SVG with HTML), the payload...
PT-2021-18627 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions 3.4.15 Description: The issue is related to stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML/JavaScript content,...
CVE-2020-10098
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...
Cross site scripting
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...
CVE-2020-10098
CVE-2020-10098 affects Zammad 3.0–3.2 via an XSS in the Email functionality. A low-privilege user can supply malicious code in an email, which will execute in the browser of any user who opens the Ticket containing the Article created from that Email. Exploitation details and remediation/fix are ...
From Now On, Only Default Android Apps Can Access Call Log and SMS Data
A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident. Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving user...
Cross site request forgery (csrf)
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...
CVE-2016-4803
CVE-2016-4803 affects dotCMS prior to 3.3.2, where the sendEmail functionality is vulnerable to CRLF injection in the subject, enabling remote attackers to inject arbitrary email headers. Root cause is unsanitized CRLF sequences in email header fields. Impact described as header injection risk fo...
PYSEC-2014-62
mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...
Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:105)
This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follows: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow...