CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2014-2655
https://notcve.org/view.php?id=CVE-2014-2655
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. Vulnerabilidad de inyección SQL en la función gen_show_status en functions.inc.php en Postfix Admin (también conocido como postfixadmin) anterior a 2.3.7 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de un alias nuevo. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00075.html http://sourceforge.net/p/postfixadmin/code/1650 http://www.debian.org/security/2014/dsa-2889 http://www.openwall.com/lists/oss-security/2014/03/26/11 http://www.openwall.com/lists/oss-security/2014/03/26/6 http://www.securityfocus.com/bid/66455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0812
https://notcve.org/view.php?id=CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities PostfixAdmin versión 2.3.4, presenta múltiples vulnerabilidades de tipo XSS. • http://security.gentoo.org/glsa/glsa-201209-18.xml http://www.openwall.com/lists/oss-security/2012/01/26/12 http://www.openwall.com/lists/oss-security/2012/01/27/5 http://www.securityfocus.com/bid/51680 https://access.redhat.com/security/cve/cve-2012-0812 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0812 https://security-tracker.debian.org/tracker/CVE-2012-0812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •