95 matches found
CVE-2020-12782
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...
CVE-2020-12782
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...
Command injection
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...
CVE-2020-12782
Openfind MailGates is affected by a Command Injection flaw. According to the CVE description, when receiving an email containing specific strings, malicious code in the mail attachment may be triggered, granting unauthorized access to system files. The issue is reported with CVSS data indicating ...
CVE-2020-12782 Openfind MailGates - Command Injection
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...
CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...
Openfind Mail2000 /cgi-bin/go page cross-site scripting vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the /cgi-bin/go page in Openfind MAIL2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker c...
Openfind Mail2000 Open Redirect Vulnerability
Openfind Mail2000 is a Web-based e-mail system. An input validation error vulnerability exists in the '/cgi-bin/go' page in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a network system or product that does not properly validate incoming data. An...
Openfind MAIL2000 /cgi-bin/portal Login Function Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the login function of /cgi-bin/portal in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client data by the WEB application. A...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Webmail in Openfind Mail2000 v6. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
Design/Logic Flaw
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
CVE-2019-9763
Openfind Mail2000 Webmail (versions 6.0 and 7.0) is affected by a Cross‑Site Scripting vulnerability. The root cause is insufficient validation of client data in Webmail, enabling XSS via an email containing the substring <object data="data:text/html. The vendor subsequently patched this. CVSS...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...