30 matches found
CVE-2014-8391
CVE-2014-8391 (and CVE-2014-0999) affect Sendio ESP prior to version 7.2.4. The Web interface mishandles sessions, allowing remote authenticated users to access other users’ session data and, in one variant, to disclose session identifiers via URLs in HTTP traffic and similar responses. Two infor...
CVE-2014-0999
Sendio ESP is affected by CVE-2014-0999 (and CVE-2014-8391) in versions prior to 7.2.4. The issue arises from including the session cookie (jsessionid) in web interface URLs, causing the session identifier to be exposed via the Referrer header when accessing email content. This enables potential ...
CVE-2014-0999
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header...
CVE-2014-8391
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests...
Sendio ESP Information Disclosure Vulnerability
Exploit for jsp platform in category web applications 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of...
Sendio ESP - Information Disclosure
Sendio ESP - Information Disclosure 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update:...
Sendio ESP - Information Disclosure
Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio...
Sendio Email Security Platform Vulnerability Patch
Email security vendor Sendio has patched a pair of remotely exploitable security bypass vulnerabilities in its Sendio ESP, or Email Security Platform, product. Researchers at Core Security Technologies reported the vulnerabilities March 26 to Sendio, along with a proof of concept that triggers th...
Sendio ESP Information Disclosure Vulnerability
1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio Release mode: Coordinated release 2. Vulnerability Information Class: OWASP Top Ten 2013...
Sendio ESP Information Disclosure
Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio...