12 matches found
CVE-2021-41083
CVE-2021-41083 is a CSRF vulnerability in Dada Mail prior to version 11.16.0. In affected versions, a user who is logged into the list control panel could be induced to visit a malicious page (via phishing email/SMS, etc.) that allows an attacker to perform actions in the user’s session, includin...
pinnacleworldwide.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-565013 Description| Value ---|--- Affected Website:| pinnacleworldwide.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Majordomo 1.89/1.90 lists Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2310/info Majordomo is a perl-based Internet e-mail list server. Versions prior to 1.91 are vulnerable to an attack whereby specially crafted e-mail headers are incorrectly processed, yielding the ability to execute...
Job Portal Multiple Vulnerabilities
Exploit for php platform in category web applications =================================== Job Portal Multiple Vulnerabilities =================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1...
Magician Blog 1.0 - ids SQL Injection
Magician Blog 1.0 - ids SQL Injection ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...
dvbbs delete the upload. inc after the shell was a method-vulnerability warning-the black bar safety net
dvbbs delete the upload. inc after the shell was a method - the premise is to give the front Desk administrative privileges Into the background after Go to the user management Just change the personal e-mail address for %eval requestchr3 5%@163.com After saving Find the mail list export Then expo...
XSS vulnerability in Dada Mail
The remote host is running Dada Mail, a free, e-mail list management system written in Perl. According to its banner, the remote version of this software does not properly validate user written content before submitting that data to the archiving system. A malicious user could embed arbitrary...
CVE-1999-1155
CVE-1999-1155 affects the LakeWeb Mail List CGI script, where remote attackers can execute arbitrary commands by injecting shell metacharacters into the recipient email address. The description specifies a remote command execution risk with network access and no authentication. No explicit patch ...
UtilMind Mail List 1.7 - Users Can Execute Commands
Exploit for cgi platform in category web applications =================================================== UtilMind Mail List 1.7 - Users Can Execute Commands =================================================== !/usr/bin/perl -w Mailing List & News Version 1.7 / PoC Exploit. UtilMind Solutions /...
UtilMind Mail List 1.7 - Users Can Execute Commands
UtilMind Mail List 1.7 - Users Can Execute Commands !/usr/bin/perl -w Mailing List & News Version 1.7 / PoC Exploit. UtilMind Solutions / http://www.utilmind.com/ Actually a pretty amusing exploit to write! The 'openMAIL, "|$mailprog $address"' ... code sends e-mail to those who are on the mailin...
UtilMind Mail List 1.7 - Users Can Execute Commands
!/usr/bin/perl -w Mailing List & News Version 1.7 / PoC Exploit. UtilMind Solutions / http://www.utilmind.com/ Actually a pretty amusing exploit to write! The 'openMAIL, "|$mailprog $address"' ... code sends e-mail to those who are on the mailing list - and the subscribers' e-mail addresses are...
CVE-1999-1155
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...