32 matches found
EUVD-2018-6834
Malware in sbrugna...
EUVD-2023-39865
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error message display mechanism. An attacker can inject malicious scripts that are executed in the user's browser by...
RHEL 5 : squirrelmail (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squirrelmail: Insufficient escaping of user-supplied data (CVE-2017-7692) - SquirrelMail: Directory travers...
BIT-ROUNDCUBE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...
CVE-2023-35872
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...
Design/Logic Flaw
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...
PT-2023-4071 · Sap · Sap Netweaver Process Integration
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration version SAP XIAF 7.50. Description: The issue is related to the Message Display Tool (MDT) component of SAP NetWeaver Process Integration, which lacks proper authentication checks for certain functionalities. Th...
SUSE CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...
Mozilla: Incorrect security status shown after viewing an attached email
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue: when viewing an email message A that contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on; it is a collection of management software seamlessly integrated into a management suite. Oracle Email...
OPENSUSE-SU-2021:0387-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8: fixed: Importing an address book from a CSV file always reported an error; fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved; fixed: Calendar: FileLink UI...
SUSE-SU-2020:3632-1 Security update for mutt
This update for mutt fixes the following issues: - Find and display the content of messages properly (bsc1179461). - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections (bsc1179035). - Avoid that message with a million tiny parts can freeze MUA for...
Cross-Site Scripting (XSS)
roundcube is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via HTML messages during message display...
Code injection
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Ema...
OPENSUSE-SU-2020:0003-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 68.3esr (MFSA 2019-38, bsc1158328). Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of...
CVE-2018-14955
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute)...
Oracle E-Business Multiple Vulnerabilities (Jan 2019 CPU)
The version of Oracle E-Business installed on the remote host is missing the January 2019 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the January 2019 Critical Patch Update advisory: - Oracle CRM Technical Foundation Messages component is...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2019-28438)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. Email Center is one of its e-mail components. A securi...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2019-28439)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. Email Center is one of its e-mail components. A securi...