
CVSS: 3.5 • EPSS: 0% • CPEs: 10 • EXPL: 1

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

• https://www.exploit-db.com/exploits/20368
• http://secunia.com/advisories/49897
• http://www-01.ibm.com/support/docview.wss?uid=swg21605630
• http://www.kb.cert.org/vuls/id/659791
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 • EPSS: 0% • CPEs: 11 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

• https://www.exploit-db.com/exploits/20368
• http://osvdb.org/84014
• http://secunia.com/advisories/49897
• http://www-01.ibm.com/support/docview.wss?uid=swg21605626
• http://www.kb.cert.org/vuls/id/659791
• http://www.securityfocus.com/bid/54486
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76798

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')