96 matches found
MailSherlock 安全漏洞
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A weak authentication vulnerability exists in HGiga MailSherlock. An attacker can exploit this vulnerability to elevate privileges using a default password generation mechanism...
Hgiga MailSherlock SQL注入漏洞
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...
CVE-2019-9883
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...
CVE-2019-9882
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...
CVE-2019-9882
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...
CVE-2019-9883
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...
Cross site request forgery (csrf)
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...
Cross site request forgery (csrf)
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&email protected&newmemo=&add=%E6%96%B0%E5%A2%9E without any authorizes...
CVE-2019-9882 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&newmemo=&add=%E6%96%B0%E5%A2%9E without any...
CVE-2019-9883 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account.
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorizes...
CVE-2019-9883
CVE-2019-9883 describes a CSRF vulnerability in multiple modules of MailSherlock MSR35 and MSR45 that lets an attacker elevate privileges on a targeted account via a crafted request to useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&d...
CVE-2019-9882
The CVE-2019-9882 entry details a CSRF vulnerability in MailSherlock MSR35/MSR45. Attackers could add malicious email sources to the whitelist via the endpoint user/save_list.php with parameters such as ACTION, type=email, category=white, and new=email, without requiring authorization. Affected p...
CVE-2018-17542
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...
Sql injection
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...
CVE-2018-17542
The CVE-2018-17542 entry concerns MailSherlock before 1.5.235 (OAKlouds). The vulnerability is a SQL Injection in the letgo.cgi request via the select_mid parameter, allowing an unauthenticated user to extract the subjects of other users’ emails within the enterprise. The connected records confir...
CVE-2018-17542 SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in an letgo.cgi request...