58 matches found
USN-8242-2 postfixadmin vulnerability
USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the corresponding fix for PostfixAdmin. Original advisory details: Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-si...
USN-8242-2: PostfixAdmin vulnerability
USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the corresponding fix for PostfixAdmin. Original advisory details: Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-si...
EUVD-2012-0839
Malware in sbrugna...
CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
Postfixadmin Protected Alias Deletion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postfixadmin Protected Alias Deletion Vulnerability', 'Description' = %q Postfixadmin installations between 2.91 and 3.0.1 do not check if an adm...
OPENSUSE-SU-2024:11182-1 postfixadmin-3.3.10-1.6 on GA media
These are all security issues fixed in the postfixadmin-3.3.10-1.6 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10388-1 postfixadmin-3.0-1.1 on GA media
These are all security issues fixed in the postfixadmin-3.0-1.1 package on the GA media of openSUSE Tumbleweed...
Ubuntu: Security Advisory (USN-6550-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6550-1 postfixadmin vulnerabilities
It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...
USN-6550-1: PostfixAdmin vulnerabilities
It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...
SUSE CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
SUSE CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
VulnCheck KEV: CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
in postfixadmin/postfixadmin
✍️ Description clickjacking attack 🕵️‍♂️ Proof of Concept I see there is no X-Frame-Options response header present, which allows loading the entire website in an iframe. Using this, a clickjacking attack can be performed. 💥 Impact clickjacking attack...
CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
DEBIAN-CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
Cross site scripting
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
CVE-2012-0812
PostfixAdmin 2.3.4 is affected by multiple XSS vulnerabilities due to insufficient input validation in the web interface. Impact stated as client-side code execution possibilities; exploitation details are not provided in the supplied documents. A remediation exists: upgrade to PostfixAdmin 2.3.5...