9 matches found
CVE-2025-71275
Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519...
CVE-2025-71275 Zimbra Collaboration Suite PostJournal 8.8.15 Unauthenticated Remote Code Execution via SMTP Injection
The Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...
CVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUPRCPT...
CVE-2019-25407
CVE-2019-25407 concerns Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the backupschedule interface. The issue allows an attacker to submit crafted input via POST to the backupschedule endpoint (BACKUP_RCPTTO) to execute arbitrary JavaScript in end user...
Comodo Dome Firewall Cross-Site Scripting Vulnerability
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper sanitization of the BACKUPRCPTTO parameter input in the...
Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution
A critical vulnerability exists in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
PT-2022-20351 · Unknown · Toll Tax Management System
Name of the Vulnerable Software and Affected Versions: Toll-tax-management-system version 1.0. Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It can be exploited via the API endpoint "/ttms/classes/Master.php" with the parameter f set to "save recipient" and the vehicle...
MetalGenix GeniXCMS SQL Injection Vulnerability (CNVD-2017-00559)
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the inc/mod/newsletter/options.php file in MetalGenix GeniXCMS...
SQL injection
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php...