Lucene search
K

96 matches found

CNNVD
CNNVD
added 2020/12/31 12:0 a.m.7 views

MailSherlock 安全漏洞

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A weak authentication vulnerability exists in HGiga MailSherlock. An attacker can exploit this vulnerability to elevate privileges using a default password generation mechanism...

10CVSS5.8AI score0.01654EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.5 views

Hgiga MailSherlock SQL注入漏洞

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...

7.6CVSS6AI score0.00598EPSS
Exploits0References2
OSV
OSV
added 2019/06/03 6:29 p.m.4 views

CVE-2019-9883

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...

8.8CVSS5.8AI score0.00669EPSS
Exploits1References2
OSV
OSV
added 2019/06/03 6:29 p.m.4 views

CVE-2019-9882

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...

8.8CVSS5.8AI score0.00669EPSS
Exploits1References2
NVD
NVD
added 2019/06/03 6:29 p.m.18 views

CVE-2019-9882

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...

8.8CVSS8.7AI score0.00669EPSS
Exploits1References2
NVD
NVD
added 2019/06/03 6:29 p.m.19 views

CVE-2019-9883

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...

8.8CVSS8.7AI score0.00669EPSS
Exploits1References2
Prion
Prion
added 2019/06/03 6:29 p.m.18 views

Cross site request forgery (csrf)

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...

6.8CVSS8.6AI score0.00669EPSS
Exploits1References2Affected Software8
Prion
Prion
added 2019/06/03 6:29 p.m.16 views

Cross site request forgery (csrf)

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&email protected&newmemo=&add=%E6%96%B0%E5%A2%9E without any authorizes...

6.8CVSS8.6AI score0.00669EPSS
Exploits1References2Affected Software8
Cvelist
Cvelist
added 2019/06/03 6:3 p.m.20 views

CVE-2019-9882 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...

8.7AI score0.00669EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/06/03 6:3 p.m.20 views

CVE-2019-9883 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account.

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...

8.7AI score0.00669EPSS
Exploits1References2
CVE
CVE
added 2019/06/03 6:3 p.m.67 views

CVE-2019-9883

CVE-2019-9883 describes a CSRF vulnerability in multiple modules of MailSherlock MSR35 and MSR45 that lets an attacker elevate privileges on a targeted account via a crafted request to useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&d...

8.8CVSS8.8AI score0.00669EPSS
Exploits1References2Affected Software8
CVE
CVE
added 2019/06/03 6:3 p.m.70 views

CVE-2019-9882

The CVE-2019-9882 entry details a CSRF vulnerability in MailSherlock MSR35/MSR45. Attackers could add malicious email sources to the whitelist via the endpoint user/save_list.php with parameters such as ACTION, type=email, category=white, and new=email, without requiring authorization. Affected p...

8.8CVSS8.7AI score0.00669EPSS
Exploits1References2Affected Software8
NVD
NVD
added 2019/02/11 8:29 p.m.21 views

CVE-2018-17542

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...

5.3CVSS5.5AI score0.01229EPSS
Exploits0References2
Prion
Prion
added 2019/02/11 8:29 p.m.16 views

Sql injection

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...

5CVSS6AI score0.01229EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/02/11 8:0 p.m.59 views

CVE-2018-17542

The CVE-2018-17542 entry concerns MailSherlock before 1.5.235 (OAKlouds). The vulnerability is a SQL Injection in the letgo.cgi request via the select_mid parameter, allowing an unauthenticated user to extract the subjects of other users’ emails within the enterprise. The connected records confir...

5.3CVSS5.6AI score0.01229EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/02/11 8:0 p.m.20 views

CVE-2018-17542 SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...

4.3CVSS6AI score0.01229EPSS
Exploits0References2
Rows per page
Query Builder