RSS   Vulnerabilities for 'Msr45 isherlock-user'   RSS

2021-03-18
 
CVE-2021-22848

CWE-89
 

 
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.

 
2020-12-31
 
CVE-2020-35851

CWE-78
 

 
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.

 
 
CVE-2020-35743

CWE-89
 

 
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.

 
 
CVE-2020-35742

CWE-89
 

 
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.

 
 
CVE-2020-35741

CWE-79
 

 
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

 
 
CVE-2020-35740

CWE-79
 

 
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.

 
 
CVE-2020-25850

NVD-CWE-noinfo
 

 
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.

 
 
CVE-2020-25848

CWE-522
 

 
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

 

 >>> Vendor: Hgiga 13 Products
Oaklouds ccm\@il
Msr45 isherlock-antispam
Msr45 isherlock-audit
Msr45 isherlock-base
Msr45 isherlock-user
Msr45 isherlock-useradmin
Ssr45 isherlock-antispam
Ssr45 isherlock-audit
Ssr45 isherlock-base
Ssr45 isherlock-user
Ssr45 isherlock-useradmin
Oaklouds portal
Oaklouds openid


Copyright 2024, cxsecurity.com

 

Back to Top