96 matches found
Cross site scripting
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
Improper access control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
HGiga MailSherlock 跨站脚本漏洞
Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. A cross-site scripting vulnerability exists in HGiga MailSherlock version 4.5, which stems from insufficient filtering of user input by specific function. The vulnerability can be exploited to conduct...
CVE-2023-24840 HGiga MailSherlock - SQL Injection
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
CVE-2023-24840
HGiga MailSherlock's mail query function contains an SQL injection vulnerability caused by insufficient validation of user input. An authenticated remote attacker with administrator privileges can inject SQL commands to read, modify, and delete the database. Documented across multiple sources (NV...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
CVE-2023-24841 HGiga MailSherlock - Command Injection
HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...
CVE-2023-24840 HGiga MailSherlock - SQL Injection
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
CVE-2023-24841 HGiga MailSherlock - Command Injection
HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...
HGiga MailSherlock 安全漏洞
Hgiga MailSherlock is an enterprise mail auditing system from China Henderson Technology Hgiga. A security vulnerability exists in HGiga MailSherlock version 4.5, which stems from an insufficient access control issue. The vulnerability can be exploited by an attacker to access parts of other user...
CVE-2023-24839
HGiga MailSherlock is affected by CVE-2023-24839: the vulnerability is a reflected XSS caused by insufficient input filtering in a specific function. An unauthenticated remote attacker could inject JavaScript through user input. The available documents confirm the vulnerability exists and describ...
CVE-2023-24841
CVE-2023-24841 affects HGiga MailSherlock (MailSherlock query function for connection logs). The vulnerability stems from insufficient filtering of user input, enabling a authenticated remote attacker with administrator privileges to inject and execute arbitrary system commands, potentially perfo...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
HGiga MailSherlock 操作系统命令注入漏洞
Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. HGiga MailSherlock version 4.5 suffers from an operating system command injection vulnerability, which originates from an insufficient filtering of user input by the query function. An attacker could...
CVE-2023-24842 HGiga MailSherlock - Broken Access Control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
CVE-2023-24842
HGiga MailSherlock is affected by an insufficient access control vulnerability. According to external sources, affected version 4.5 exposes partial contents of other users’ emails to unauthenticated remote attackers who can manipulate URL parameters (userID and mailID) to access data. The root ca...
CVE-2023-24842 HGiga MailSherlock - Broken Access Control
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL...
PT-2023-19819 · Hgiga · Hgiga Mailsherlock
Name of the Vulnerable Software and Affected Versions: HGiga MailSherlock affected versions not specified Description: The issue is related to insufficient access control, allowing an unauthenticated remote user to access partial content of another user's mail. This can be achieved by modifying t...
PT-2023-8668 · Unknown · Mailsherlock
Name of the Vulnerable Software and Affected Versions: MailSherlock affected versions not specified Description: The issue is related to insufficient filtering for user input in the MailSherlock query function for connection logs. This allows an authenticated remote attacker with administrator...
HGiga MailSherlock SQL Injection Vulnerability (CNVD-2021-25618)
Hgiga MailSherlock is a set of enterprise mail audit system from Henderson Hgiga, China. HGiga MailSherlock suffers from a SQL injection vulnerability, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by an attacker ...