11 matches found
EUVD-2020-16516
Malware in sbrugna...
EUVD-2020-16514
Malware in sbrugna...
CVE-2020-23776
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...
CVE-2020-23774
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...
CVE-2020-23776
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...
Cross site scripting
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...
Server side request forgery (ssrf)
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...
CVE-2020-23776
CVE-2020-23776 is an SSRF vulnerability affecting Winmail 6.5 in app.php (parameter key) when HTTPS is enabled. The issue allows an attacker to induce the server to make HTTP requests to a target URL by manipulating the HOST header in requests. Documented in multiple feeds (NVD/Red Hat/CVE lists)...
CVE-2020-23776
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...
CVE-2020-23774
The CVE-2020-23774 entry concerns a reflected XSS in Winmail 6.5, specifically in tohtml/convert.php. The underlying issue is the ability to cause JavaScript execution via user-controlled input reflected in the response. Evidence from connected records confirms the affected software/component and...
CVE-2020-23774
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...