Ssr45 Isherlock-user Security Vulnerabilities and Issues — Ssr45 Isherlock-user CVE List

Lucene search

HgigaSsr45 Isherlock-user

7 matches found

CVE•added 2020/12/31 8:15 a.m.•40 views

CVE-2020-35851

HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.

10CVSS9.4AI score0.00767EPSS

CVE•added 2020/12/31 8:15 a.m.•38 views

CVE-2020-35742

HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.

7.6CVSS7.5AI score0.00255EPSS

CVE•added 2020/12/31 8:15 a.m.•36 views

CVE-2020-25850

The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.

8.1CVSS7.8AI score0.0036EPSS

CVE•added 2020/12/31 8:15 a.m.•35 views

CVE-2020-25848

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

10CVSS9.9AI score0.00263EPSS

CVE•added 2020/12/31 8:15 a.m.•35 views

CVE-2020-35741

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

7CVSS6.1AI score0.00294EPSS

CVE•added 2020/12/31 8:15 a.m.•32 views

CVE-2020-35743

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.

7.6CVSS7.6AI score0.00255EPSS

CVE•added 2020/12/31 8:15 a.m.•30 views

CVE-2020-35740

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.

7CVSS6.1AI score0.00294EPSS