6 matches found
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
EUVD-2026-36245
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-8406
openSIS Classic 9.3 is affected by an insecure direct object reference in the messaging module. An authenticated user with access to messaging can request details of sent messages by supplying an arbitrary mail_id to modules/messaging/SentMail.php, exposing potentially sensitive information. No e...
PT-2026-48668
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail id value...
curl: CVE-2021-22947: STARTTLS protocol injection via MITM
Summary: A man-in-the-middle can inject cleartext forged responses to future encrypted commands by pipelining them to the STARTTLS response. Steps To Reproduce: Use the attached test case within the curl test system. It is based on IMAP FETCH with explicit TLS. Upon test failure, the downloaded...