4 matches found
CVE-2018-7707
Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message...
CVE-2018-7705
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. dot dot in the filename parameter to secupload2/upload.aspx...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...
SecurEnvoy SecurMail Cross-Site Scripting Vulnerability (CNVD-2018-06275)
SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site scripting vulnerability exists in versions of SecurEnvoy SecurMail prior to 9.2.501. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via HTML formatted email messages...