32 matches found
CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...
CVE-2022-35508
Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
EUVD-2015-8911
Malware in sbrugna...
EUVD-2014-2362
Malware in sbrugna...
EUVD-2015-8912
Malware in sbrugna...
The vulnerability of the handle_api2_request() function in the Proxmox Virtual Environment platform’s interface, as well as the Proxmox Mail Gateway email protection mechanism, allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the handleapi2request function in the Proxmox Virtual Environment platform’s interface, along with the Proxmox Mail Gateway email protection mechanism, is related to improper external management of file names or paths when processing objects like “download” or “data-download”...
Proxmox Virtual Environment Security Vulnerability
Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability in Proxmox Server Solutions GmbH Proxmox VE v.5.4 to v.8.0, Proxmox Backup Server v.1.1 to v.3.0, and Proxmox Mail Gateway v.7.1 to v.8.0 has been...
CVE-2022-35508
Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
CVE-2022-35508
Proxmox CVE-2022-35508 enables SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, exploitable by an unprivileged user to disclose server files. In Proxmox Mail Gateway, there is also a privilege escalation route to root@pam if backup artifacts were used, because pmg-backup...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
PT-2022-22874 · Proxmox +1 · Pve-Http-Server +3
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions prior to pve-http-server 4.1-3 Proxmox Mail Gateway versions prior to pve-http-server 4.1-3 Description: A response-header CRLF injection vulnerability in the web interface allows a remote attacker to set...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
PT-2022-22875 · Proxmox · Proxmox Mail Gateway +1
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG versions prior to pve-http-server 4.1-3 Description: The issue affects Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG when proxying HTTP requests between pvepmgproxy a...
CVE-2022-35508
Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
Proxmox Mail Gateway Open Redirect Vulnerability
Proxmox Mail Gateway is an e-mail gateway product from Proxmox Server Solutions, Austria. The product protects e-mail from virus, phishing and Trojan horse threats. An open redirection vulnerability exists in versions prior to Proxmox Mail Gateway hotfix 4.0-8-097d26a9. A remote attacker can...
Proxmox Mail Gateway Cross-Site Scripting Vulnerability
Proxmox Mail Gateway is an e-mail gateway product from Proxmox Server Solutions, Austria. The product protects e-mail from virus, phishing and Trojan horse threats. A cross-site scripting vulnerability exists in versions prior to Proxmox Mail Gateway hotfix 4.0-8-097d26a9. A remote attacker can...
CVE-2015-9057
Multiple cross-site scripting XSS vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm,...
CVE-2015-9058
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...