2 matches found
CVE-2014-2655
CVE-2014-2655: SQL injection in Postfix Admin (postfixadmin) via the gen_show_status function in functions.inc.php, exploitable before 2.3.7 when creating a new alias. Affected: Postfix Admin, prior to 2.3.7. Root cause: improper SQL handling in list-virtual.py? (per sources) and related advisor...
CVE-2012-0812
PostfixAdmin 2.3.4 is affected by multiple XSS vulnerabilities due to insufficient input validation in the web interface. The stated impact is possible client-side code execution; exploitation details are not provided in the supplied documents. A remediation exists: upgrade to PostfixAdmin 2.3.5...