44 matches found
EUVD-2020-18483
Malware in sbrugna...
EUVD-2020-23399
Malware in sbrugna...
EUVD-2020-23398
Malware in sbrugna...
CVE-2023-24840
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
CVE-2023-24842
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
Sql injection
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
Improper access control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
HGiga MailSherlock 跨站脚本漏洞
Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. A cross-site scripting vulnerability exists in HGiga MailSherlock version 4.5, which stems from insufficient filtering of user input by specific function. The vulnerability can be exploited to conduct...
PT-2023-19819 · Hgiga · Hgiga Mailsherlock
Name of the Vulnerable Software and Affected Versions: HGiga MailSherlock affected versions not specified Description: The issue is related to insufficient access control, allowing an unauthenticated remote user to access partial content of another user's mail. This can be achieved by modifying t...
CVE-2023-24842 HGiga MailSherlock - Broken Access Control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
CVE-2023-24840 HGiga MailSherlock - SQL Injection
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
CVE-2023-24842 HGiga MailSherlock - Broken Access Control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
CVE-2023-24840 HGiga MailSherlock - SQL Injection
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
CVE-2023-24841 HGiga MailSherlock - Command Injection
HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...
CVE-2023-24841 HGiga MailSherlock - Command Injection
HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
CVE-2023-24842
HGiga MailSherlock is affected by an insufficient access control vulnerability. According to external sources, affected version 4.5 exposes partial contents of other users’ emails to unauthenticated remote attackers who can manipulate URL parameters (userID and mailID) to access data. The root ca...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
HGiga MailSherlock 安全漏洞
Hgiga MailSherlock is an enterprise mail auditing system from China Henderson Technology Hgiga. A security vulnerability exists in HGiga MailSherlock version 4.5, which stems from an insufficient access control issue. The vulnerability can be exploited by an attacker to access parts of other user...
HGiga MailSherlock SQL Injection Vulnerability (CNVD-2021-25618)
Hgiga MailSherlock is a set of enterprise mail audit system from Henderson Hgiga, China. HGiga MailSherlock suffers from a SQL injection vulnerability, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by an attacker ...