Lucene search
K

96 matches found

Prion
Prion
added 2023/03/27 4:15 a.m.18 views

Cross site scripting

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

5.8CVSS6AI score0.00494EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/27 4:15 a.m.21 views

Improper access control

HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...

5CVSS5.3AI score0.00595EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.6 views

HGiga MailSherlock 跨站脚本漏洞

Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. A cross-site scripting vulnerability exists in HGiga MailSherlock version 4.5, which stems from insufficient filtering of user input by specific function. The vulnerability can be exploited to conduct...

6.1CVSS5.9AI score0.00494EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.7 views

CVE-2023-24840 HGiga MailSherlock - SQL Injection

HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...

7.2CVSS7.3AI score0.00928EPSS
Exploits0References1
CVE
CVE
added 2023/03/27 12:0 a.m.57 views

CVE-2023-24840

HGiga MailSherlock's mail query function contains an SQL injection vulnerability caused by insufficient validation of user input. An authenticated remote attacker with administrator privileges can inject SQL commands to read, modify, and delete the database. Documented across multiple sources (NV...

7.2CVSS7.3AI score0.00928EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.19 views

CVE-2023-24839 HGiga MailSherlock - Reflected XSS

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

6.1CVSS6.2AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.12 views

CVE-2023-24841 HGiga MailSherlock - Command Injection

HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...

7.2CVSS7.3AI score0.00928EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.24 views

CVE-2023-24840 HGiga MailSherlock - SQL Injection

HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...

7.2CVSS7.5AI score0.00928EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.27 views

CVE-2023-24841 HGiga MailSherlock - Command Injection

HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...

7.2CVSS7.5AI score0.00928EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.15 views

HGiga MailSherlock 安全漏洞

Hgiga MailSherlock is an enterprise mail auditing system from China Henderson Technology Hgiga. A security vulnerability exists in HGiga MailSherlock version 4.5, which stems from an insufficient access control issue. The vulnerability can be exploited by an attacker to access parts of other user...

5.3CVSS5.7AI score0.00595EPSS
Exploits0References2
CVE
CVE
added 2023/03/27 12:0 a.m.61 views

CVE-2023-24839

HGiga MailSherlock is affected by CVE-2023-24839: the vulnerability is a reflected XSS caused by insufficient input filtering in a specific function. An unauthenticated remote attacker could inject JavaScript through user input. The available documents confirm the vulnerability exists and describ...

6.1CVSS6.1AI score0.00494EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/27 12:0 a.m.60 views

CVE-2023-24841

CVE-2023-24841 affects HGiga MailSherlock (MailSherlock query function for connection logs). The vulnerability stems from insufficient filtering of user input, enabling a authenticated remote attacker with administrator privileges to inject and execute arbitrary system commands, potentially perfo...

7.2CVSS7.3AI score0.00928EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.11 views

CVE-2023-24839 HGiga MailSherlock - Reflected XSS

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

6.1CVSS6.1AI score0.00494EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.19 views

HGiga MailSherlock 操作系统命令注入漏洞

Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. HGiga MailSherlock version 4.5 suffers from an operating system command injection vulnerability, which originates from an insufficient filtering of user input by the query function. An attacker could...

7.2CVSS7.4AI score0.00928EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.33 views

CVE-2023-24842 HGiga MailSherlock - Broken Access Control

HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...

5.3CVSS5.5AI score0.00595EPSS
Exploits0References1
CVE
CVE
added 2023/03/27 12:0 a.m.56 views

CVE-2023-24842

HGiga MailSherlock is affected by an insufficient access control vulnerability. According to external sources, affected version 4.5 exposes partial contents of other users’ emails to unauthenticated remote attackers who can manipulate URL parameters (userID and mailID) to access data. The root ca...

5.3CVSS5.2AI score0.00595EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.16 views

CVE-2023-24842 HGiga MailSherlock - Broken Access Control

HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...

5.3CVSS5.3AI score0.00595EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.6 views

PT-2023-19819 · Hgiga · Hgiga Mailsherlock

Name of the Vulnerable Software and Affected Versions: HGiga MailSherlock affected versions not specified Description: The issue is related to insufficient access control, allowing an unauthenticated remote user to access partial content of another user's mail. This can be achieved by modifying t...

5.3CVSS5AI score0.00595EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.8 views

PT-2023-8668 · Unknown · Mailsherlock

Name of the Vulnerable Software and Affected Versions: MailSherlock affected versions not specified Description: The issue is related to insufficient filtering for user input in the MailSherlock query function for connection logs. This allows an authenticated remote attacker with administrator...

8.3CVSS7AI score0.00928EPSS
Exploits0References3
CNVD
CNVD
added 2021/03/19 12:0 a.m.10 views

HGiga MailSherlock SQL Injection Vulnerability (CNVD-2021-25618)

Hgiga MailSherlock is a set of enterprise mail audit system from Henderson Hgiga, China. HGiga MailSherlock suffers from a SQL injection vulnerability, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by an attacker ...

9.8CVSS7.9AI score0.00985EPSS
Exploits0References1
Rows per page
Query Builder