24 matches found
CVE-2026-2938 SourceCodester Student Result Management System update_smtp.php access control
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit ha...
TYPO3 CMS Security Vulnerability
TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS; it stems from a mail file staging deserialization flaw, which could lead to arbitrary PHP code execution. The following versions are affected: version 10.0.0 to 10.4.54...
Library System mail.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...
CVE-2025-12275
The CVE-2025-12275 issue affects Azure Access Technology BLU-IC2 and BLU-IC4 (networked access controllers) up to and including version 1.19.5. The vulnerability stems from the mail configuration handling process, described as mail configuration file manipulation due to improper input validation,...
EUVD-2020-30699
Malware in sbrugna...
EUVD-2000-0166
Malware in sbrugna...
CVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
CVE-2025-34163 Dongsheng Logistics Software Unauthenticated Arbitrary File Upload
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
Dongsheng Logistics Software Security Vulnerability
Dongsheng Logistics Software is a logistics management system from Dongsheng, China. A security vulnerability exists in Dongsheng Logistics Software that originates from the /CommMng/Print/UploadMailFile endpoint that does not validate the file type, which could lead to remote code execution...
CVE-2024-33749
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php...
CVE-2024-33749
Summary of CVE-2024-33749: DedeCMS v5.7.114 is vulnerable to deletion of any file via the mail_file_manage.php script. The vulnerability enables unauthorized file deletion, with CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (base score 9.1, CRITICAL) indicating high impact on integrity and availa...
Desdev DedeCMS Security Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system (CMS) from China's Zhuozhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS versi...
PT-2024-25462 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: The issue allows for the deletion of any file via the "mail_file_manage.php" script. This can potentially lead to significant data loss or system compromise. There is a mention of a Denial of Service (DoS)...
PT-2023-32025 · Unknown · Online Banquet Booking System
Name of the Vulnerable Software and Affected Versions: Online Banquet Booking System version 1.0 Description: A vulnerability was found in the Online Banquet Booking System, affecting some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the messag...
CVE-2023-26986
An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...
CVE-2022-32963
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files...
CVE-2022-32963 ITPison OMICARD EDM - Path Traversal-1
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files...
CVE-2013-0525
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX...
PT-2006-6311 · Snitz · Snitz Forums 2000
Name of the Vulnerable Software and Affected Versions: Snitz Forums 2000 version 3.4.06 Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the RC parameter in the pop mail.asp file. Recommendations: For Snitz Forums 2000...