CVE-2023-2820

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

CVE-2022-25294

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...

CVE-2021-39304

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass...

CVE-2021-34814

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass...

CVE-2021-31608

Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control...

CVE-2020-14009

Proofpoint Enterprise Protection PPS/PoD before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipa...

CVE-2020-8884

rcdsvc in the Proofpoint Insider Threat Management Windows Agent formerly ObserveIT Windows Agent before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes...

CVE-2020-10658

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is...

CVE-2020-10657

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker with admin or config-admin privileges in the console to execute arbitrary code with local...

CVE-2019-19680

A file-extension filtering vulnerability in Proofpoint Enterprise Protection PPS / PoD, in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms related to extensions, MIME types, virus detection, and journal entries for transmitted...

CVE-2011-1905

Multiple cross-site request forgery CSRF vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication ...

CVE-2019-20634

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...

CVE-2011-1904

An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command...

CVE-2011-1903

SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors...

CVE-2011-1901

The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors...

Proofpoint Enterprise Protection 安全漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA, Inc. provides functionality to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection versions prior to 8.22.0 that stems from improper input validation in Attachment Defense, which could result i...

Proofpoint Enterprise Protection 安全漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA, Inc. It provides the ability to protect e-mail. A security vulnerability in Proofpoint Enterprise Protection versions prior to 8.21.0 patch 5115, prior to 8.20.6 patch 5114, and prior to 8.18.6 patch 5113, which stems from...

CVE-2024-3676

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These account...

Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit reliably. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to...

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a...