31 matches found
CVE-2024-5670
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server...
CVE-2024-5670
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server...
PT-2024-37010 · Softnext · Softnext Mail Archiving Expert +1
Name of the Vulnerable Software and Affected Versions: Softnext Mail SQR Expert affected versions not specified Softnext Mail Archiving Expert affected versions not specified Description: The web services of Softnext's products do not properly validate user input, allowing unauthenticated remote...
Softnext Mail SQR Expert and Mail Archiving Expert 操作系统命令注入漏洞
Softnext Mail SQR Expert and Mail Archiving Expert is an email management platform from the Chinese company Softnext Mail. Softnext Mail SQR Expert and Mail Archiving Expert suffers from an operating system command injection vulnerability that originates from the web service not properly validati...
CVE-2023-48380
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
CVE-2023-48380
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
CVE-2023-48382
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48381
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify...
CVE-2023-48382
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48381
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify...
Design/Logic Flaw
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify...
Command injection
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
Design/Logic Flaw
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48382
The CVE-2023-48382 entry concerns Softnext Mail SQR Expert with a Local File Inclusion (LFI) vulnerability in a mail delivery URL. An unauthenticated attacker can exploit this to execute arbitrary PHP files with a .asp extension in certain system paths and access/modify partial system information...
CVE-2023-48382 Softnext Mail SQR Expert - Local File Inclusion-2
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48381
CVE-2023-48381 relates to Softnext Mail SQR Expert, an email management platform, with a Local File Inclusion (LFI) flaw exposed via a special URL. The vulnerability lets an unauthenticated attacker cause the execution of arbitrary PHP files with a “.asp” extension under specific system paths, en...
CVE-2023-48381 Softnext Mail SQR Expert - Local File Inclusion-1
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify...
CVE-2023-48379
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response...
CVE-2023-48378
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48378
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...