348 matches found
CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 13.0.2.9 was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php...
Sql injection
IceWarp WebClient DC2 - Update 2 Build 9 13.0.2.9 was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php...
CVE-2022-35115
IceWarp WebClient DC2 Update 2 Build 9 (13.0.2.9) is affected by a SQL injection vulnerability exploitable via the search parameter in /webmail/server/webmail.php. The issue yields a CVSSv3.1 score of 9.8 (CRITICAL) with Network attack vector, no user interaction, and requires no privileges. The ...
IceWarp WebClient SQL injection vulnerability
IceWarp WebClient is a web-based mail service client from IceWarp, Inc. A security vulnerability exists in IceWarp WebClient DC2 version 13.0.2.9, which originates from an SQL injection vulnerability discovered via the search parameter of /webmail/server/webmail.php...
This Week in Spring - August 1st, 2022
Aloha, Spring fans! Welcome to another installment of This Week in Spring! I'm still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this week's latest roundup of all that's good and glorious in the wide and wonderful world of Springdom. Funny thing,...
Malicious code in it-advisor-webclient (npm)
Source: ghsa-malware (adfdca4e07e1507b2d32c614dfcc4517d60bda8bf0f7d7a8c44c1b29e70de263). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3978 Malicious code in it-advisor-webclient (npm)
Source: ghsa-malware (adfdca4e07e1507b2d32c614dfcc4517d60bda8bf0f7d7a8c44c1b29e70de263). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
Sql injection
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0, 7.0.12.0, and 7.0.3.0 are vulnerable to a SQL injection in the username field. Root cause: improper handling of input in the login username, enabling injection when SSO or System authentication is enabled. Impact per CVSS indicates high confidentiality/integrity/...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
Allgeier Inovar Metasonic Doc WebClient SQL injection vulnerability
Allgeier Inovar Metasonic Doc WebClient is a mobile Enterprise Content Management (ECM) system from Allgeier Inovar, Germany. It supports business processes by controlling publishing workflows. A security vulnerability exists in Allgeier Inovar Metasonic Doc WebClient versions 7.0.14.0, 7.0.12.0, and...
dev-python/twisted: secret exposure in cross-origin redirects
A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers...
ArchivistaBox webclient cross-site scripting vulnerability
ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in versions of ArchivistaBox webclient prior to 2022/I, which stems from the program's lack of data validation and filtering of user-supplied data and output. An...
CVE-2021-42552
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I...
CVE-2021-42552
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I...
CVE-2021-42552
CVE-2021-42552 is a cross-site scripting (XSS) vulnerability in ArchivistaBox webclient. The issue arises from lack of data validation/filtering of user-supplied data, allowing an attacker to craft a malicious link that executes JavaScript in a victim’s browser. Affected are all ArchivistaBox ver...