58 matches found
CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities...
Postfixadmin Protected Alias Deletion Vulnerability
Postfixadmin installations between 2.91 and 3.0.1 do not check if an admin is allowed to delete protected aliases. This vulnerability can be used to redirect protected aliases to another mail address, e.g. to rewrite the postmaster@domain alias. This module requires Metasploit:...
CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
DEBIAN-CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
ALPINE-CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
Design/Logic Flaw
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
UBUNTU-CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
CVE-2017-5930
The CVE-2017-5930 issue affects PostfixAdmin's AliasHandler. The AliasHandler component before 3.0.2 permits remote authenticated domain admins to delete protected aliases via delete.php due to a missing permission check, enabling unintended alias deletion. Public sources confirm the fix is to up...
CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
openSUSE Security Update : postfixadmin (openSUSE-2017-261)
postfixadmin was updated to 3.0.2 to fix the following issues: - PostfixAdmin 3.0.2: - SECURITY: don't allow to delete protected aliases CVE-2017-5930, boo1024211 - fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performan...
PostfixAdmin Session Management Security Bypass Vulnerability
PostfixAdmin is a web-based administration tool for Postfix mail delivery servers. A security bypass vulnerability exists in PostfixAdmin. An attacker could use this vulnerability to bypass security restrictions to obtain sensitive information or perform unauthorized operations to launch further...
FreeBSD : postfixadmin -- SQL injection vulnerability (ff98087f-0a8f-11e4-b00b-5453ed2e2b49)
Thijs Kinkhorst reports: Postfixadmin has a SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
openSUSE Security Update : PostfixAdmin (openSUSE-SU-2014:0715-1)
Update PostfixAdmin to 2.3.7: - fix a SQL injection in list-virtual.php CVE-2014-2655, bnc870434 - add support for new longer TLDs like .international - fix various small bugs - translation updates for lt and da - vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22 you...
openSUSE Security Update : postfixadmin (openSUSE-2012-86)
Update to PostfixAdmin 2.3.5 security release - fixes some SQL injections CVE-2012-0811 - fixes some XSS vulnerabilities CVE-2012-0812 - see CHANGELOG.TXT or bnc741455 for details. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...