38 matches found
EUVD-2013-4527
Malware in sbrugna...
EUVD-2014-1717
Malware in sbrugna...
EUVD-2019-7583
Malware in sbrugna...
EUVD-2008-5721
Malware in sbrugna...
WordPress plugin Email Address Security by WebEmailProtector 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
SUSE CVE-2012-4912
Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message...
CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...
CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...
SniperPhish - The Web-Email Spear Phishing Toolkit
SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
Design/Logic Flaw
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
CVE-2019-17123
The CVE-2019-17123 entry concerns the eGain Web Email API 11+ where spoofed messages are possible due to improper handling of the fromName and message fields used in /system/ws/v11/ss/email. The root cause is mishandling of fromName with header injection via %0a/%0d and the message parameter allo...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
checkout.tulsaworld.com XSS vulnerability
Open Bug Bounty ID: OBB-619855 Description| Value ---|--- Affected Website:| checkout.tulsaworld.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
SemCms web_email.php file incomplete fix exists SQL injection vulnerability
SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers.SemCms using php and vb language writing, combined with apache or iis running. SemCms webemail.php file is not...
Symantec Encryption Management Server < 3.3.2 Information Disclosure
The version of Symantec Encryption Management Server listening on the remote host is earlier than version 3.3.2. It is, therefore, affected by an information disclosure vulnerability due to a flaw in the Web Email Protection component. A remote, authenticated attacker could potentially exploit th...
CVE-2014-1643
The Web Email Protection component in Symantec Encryption Management Server aka PGP Universal Server before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL...