27 matches found
EUVD-2018-19419
Malware in sbrugna...
EUVD-2018-19423
Malware in sbrugna...
CVE-2020-13376
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...
CVE-2020-13376
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...
CVE-2020-13376
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...
CVE-2018-7706
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...
CVE-2018-7704
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...
CVE-2018-7701
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
CVE-2018-7705
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
CVE-2018-7702
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization...
CVE-2018-7701
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
Cross site scripting
Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe...
Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
Authorization
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization...
SecurEnvoy SecurMail Cross-Site Scripting Vulnerability (CNVD-2018-06275)
SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site scripting vulnerability exists in versions of SecurEnvoy SecurMail prior to 9.2.501. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via HTML formatted email messages...
SecurEnvoy SecurMail Cross-Site Request Forgery Vulnerability
SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site request forgery vulnerability exists in SecurEnvoy SecurMail versions prior to 9.2.501. A remote attacker can exploit this vulnerability by sending requests to the files secmail/getmessage.exe and...
SecurEnvoy SecurMail Cross-Site Scripting Vulnerability
SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site scripting vulnerability exists in SecurEnvoy SecurMail versions prior to 9.2.501. A remote attacker can exploit this vulnerability by sending the 'mailboxid' parameter to the secmail/getmessage.exe file to inject...
CVE-2018-7705
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...