CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

139 matches found

CVE•added 2013/11/20 11:0 a.m.•48 views

CVE-2013-6830

CVE-2013-6830 affects PineApp Mail-SeCure before version 3.70 on 5099SK and earlier platforms. A vulnerability in the admin/confnetworking.html page allows remote attackers to inject shell commands via the nsserver parameter during an nslookup request due to insufficient input sanitization of met...

7.5CVSS7.7AI score0.08929EPSS

Exploits5References1Affected Software1

CVE•added 2013/11/20 11:0 a.m.•43 views

CVE-2013-6829

CVE-2013-6829 describes a remote command injection in PineApp Mail-SeCure via the admin/confnetworking.html interface. The vulnerability allows an attacker to append shell metacharacters in the pinghost parameter during a ping operation, leading to arbitrary command execution on the remote host. ...

7.5CVSS7.8AI score0.78343EPSS

Exploits1References1Affected Software1

CVE•added 2013/11/20 11:0 a.m.•40 views

CVE-2013-6828

CVE-2013-6828 : The connected sources confirm a remote authentication-bypass vulnerability in PineApp Mail-SeCure, where accessing the admin/management.html page allows bypassing authentication and performing a sys_usermng operation via the it parameter. Affected component: admin interface of Pin...

6.4CVSS7.2AI score0.01338EPSS

Exploits0References1Affected Software1

CVE•added 2013/11/20 11:0 a.m.•40 views

CVE-2013-6827

CVE-2013-6827 affects PineApp Mail-SeCure appliances, with an absolute path traversal in the admin/viewmsg.php endpoint. The vulnerability allows an attacker to read arbitrary files by supplying a full pathname in the msg parameter. The issue is confirmed by multiple feeds in the connected docume...

5CVSS6.8AI score0.01439EPSS

Exploits0References1Affected Software1

exploitpack•added 2013/11/20 12:0 a.m.•18 views

PineApp MailSecure - Remote Command Execution

PineApp MailSecure - Remote Command Execution ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https request, without authentication...

7.7AI score

Exploits0

Packet Storm•added 2013/11/19 12:0 a.m.•18 views

PineApp MailSecure Command Execution

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

7.4AI score

Exploits0

NVD•added 2013/11/08 4:47 a.m.•12 views

CVE-2013-4987

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command...

8.5CVSS6.4AI score0.02992EPSS

Exploits6References1

Prion•added 2013/11/08 4:47 a.m.•14 views

Command injection

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command...

8.5CVSS7AI score0.02992EPSS

Exploits6References1Affected Software1

CVE•added 2013/11/08 2:0 a.m.•55 views

CVE-2013-4987

CVE-2013-4987 affects PineApp Mail-SeCure pre-3.70. It is a local privilege-escalation via an access-control failure: a non-privileged user can obtain a root shell by sending a crafted command in the Mail-SeCure console (example: pa_cli system ping /bin/sh). Root access is achieved locally; all v...

8.5CVSS6.5AI score0.02992EPSS

Exploits6References1Affected Software1

Cvelist•added 2013/11/08 2:0 a.m.•23 views

CVE-2013-4987

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command...

6.4AI score0.02992EPSS

Exploits6References1

Check Point Advisories•added 2013/10/27 12:0 a.m.•0 views

PineApp Mail-SeCure livelog.html Command Injection

Multiple command Injection vulnerabilities exist in PineApp Mail-SeCure...

7.6AI score

Exploits0

Packet Storm•added 2013/10/15 12:0 a.m.•18 views

PineApp Mail-Secure Command Execution

pineapp makes an anti-spam product, which can be downloaded for vmware, etc. the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but...

7.4AI score

Exploits0

Packet Storm•added 2013/10/02 12:0 a.m.•51 views

PinApp Mail-SeCure Access Control Failure

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...

8.5CVSS0.3AI score0.02992EPSS

Exploits6

Core Security•added 2013/10/02 12:0 a.m.•35 views

PinApp Mail-SeCure Access Control Failure

Advisory ID Internal CORE-2013-0904 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:https://www.coresecurity.com/core-labs/advisories/pinapp-mail-secure-access-control-failure Date published: 2013-10-02 Date of last update:...

8.5CVSS6.6AI score0.02992EPSS

Exploits6

securityvulns•added 2013/10/02 12:0 a.m.•26 views

PineApp Mail-SeCure privilege escalation

Unfiltered shell characters vulnerability...

8.5CVSS3.2AI score0.02992EPSS

Exploits6References1Affected Software1

securityvulns•added 2013/10/02 12:0 a.m.•52 views

CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure

8.5CVSS0.1AI score0.02992EPSS

Exploits6

0day.today•added 2013/10/02 12:0 a.m.•55 views

PinApp Mail-SeCure Access Control Failure

Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a...

8.5CVSS6.6AI score0.02992EPSS

Exploits6