Cellopoint Cellos Remote Command Execution Vulnerability

Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A remote command execution vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs, whic...

Directory traversal

Directory traversal vulnerability in javatesterinit.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. dot dot in the template parameter...

CVE-2012-2202

Directory traversal vulnerability in javatesterinit.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. dot dot in the template parameter...

CVE-2012-2955

This CVE affects IBM ISS Proventia Mail Security System and Lotus Protector for Mail Security. The vulnerability is cross-site scripting (XSS) in the administrative web interface, where an attacker can inject arbitrary JavaScript/HTML via the HTTP request query string (reflected XSS). This could ...

CVE-2010-0155

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

Directory traversal

Directory traversal vulnerability in sla/index.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. dot dot in the l parameter, related to an "Insecur...

CVE-2010-0152

Multiple cross-site scripting XSS vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via 1 the date1 parameter to pvmmessagestore.php, 2...

CVE-2010-0155

The CVE-2010-0155 issue affects IBM Proventia Network Mail Security System (PNMSS) with firmware older than 2.5, specifically the Local Management Interface (LMI). A CRLF injection vulnerability exists in load.php that is exploitable by remote authenticated users via the javaVersion parameter, en...

CVE-2010-0152

The CVE-2010-0152 entry corresponds to multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) of the IBM Proventia Network Mail Security System (PNMSS) appliance, affecting firmware prior to 2.5.0.2. The XSS flaws enable injection of arbitrary script/HTML via ...

CVE-2010-0154

The CVE-2010-0154 entry concerns IBM Proventia Network Mail Security System (PNMSS) with firmware before 2.5. The vulnerability is an Insecure Direct Object Reference in the Local Management Interface (LMI) at sla/index.php, where an authenticated remote attacker can manipulate the l parameter (....

CVE-2010-0153

Multiple cross-site request forgery CSRF vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that 1 change settings o...

CVE-2009-2543

CVE-2009-2543 (and closely related CVE-2009-1240) describes unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 (20081231) used in multiple IBM Proventia products that allow remote attackers to bypass malware detection by presenting modified archive formats (ZIP/CAB or RAR). The co...