EUVD-2019-2240

Malware in sbrugna...

MailStore Server and Service Provider Edition Authorization Issues Vulnerability

MailStore Server is a set of email storage solutions from MailStore Germany. The product is mainly used for email archiving, email management and email storage functions.MailStore Server Service Provider Edition is the service edition of MailStore Server. An authorization issue vulnerability exis...

CVE-2019-10229

An issue was discovered in MailStore Server and Service Provider Edition 9.x through 11.x before 11.2.2. When the directory service for synchronizing and authenticating users is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login...

CVE-2019-10229

An issue was discovered in MailStore Server and Service Provider Edition 9.x through 11.x before 11.2.2. When the directory service for synchronizing and authenticating users is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login...

Code injection

An issue was discovered in MailStore Server and Service Provider Edition 9.x through 11.x before 11.2.2. When the directory service for synchronizing and authenticating users is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login...

CVE-2019-10229

MailStore Server and MailStore Server Service Provider Edition are affected (versions 9.x–11.x before 11.2.2). The root cause is an authentication issue when the directory service is set to Generic LDAP, allowing an attacker to log in as an existing user with an arbitrary password on the second l...

CVE-2019-10229

An issue was discovered in MailStore Server and Service Provider Edition 9.x through 11.x before 11.2.2. When the directory service for synchronizing and authenticating users is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login...

MailStore Server search-result Reflected Cross-Site Scripting

A reflected cross-site scripting vulnerability has been reported in MailStore Server. The vulnerability is due to insufficient input validation on user input for search results. A remote user can exploit this vulnerability by enticing an authenticated user to click on a malicious link...

MailStore 10.0.1 Cross Site Scripting / Open Redirect

secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server Affected Products MailStore Server Version 10.0.1.12148 was tested according to the vendor: - MailStore 9.2 to 10.0.1 is affected by the Reflected XSS Vulnerability - Mailstore 9.0 to 10.0.1 is affected by the Open Redirect...