Page 3 of 15 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting en el plugin Mail en baserCMS versión 3.0.10 y anteriores permite a los atacantes autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://basercms.net/security/JVN92765814 http://www.securityfocus.com/bid/93217 https://jvn.jp/en/jp/JVN92765814/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin Mail para baserCMS en versiones 3.0.10 y anteriores, que permitiría a atacantes remotos secuestrar la autenticación de los administradores a través de vectores no especificados. • http://basercms.net/security/JVN92765814 http://www.securityfocus.com/bid/93217 https://jvn.jp/en/jp/JVN92765814/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 1%CPEs: 52EXPL: 0

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. La función de entrega en el agente de entrega de sendmail (lib/mail/network/delivery_methods/sendmail.rb)para Ruby Mail gem v2.2.14 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres cubiertos en una dirección de correo electrónico. • http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1 http://osvdb.org/70667 http://secunia.com/advisories/43077 http://www.securityfocus.com/bid/46021 http://www.vupen.com/english/advisories/2011/0233 https://exchange.xforce.ibmcloud.com/vulnerabilities/65010 https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 3%CPEs: 2EXPL: 1

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Vulnerabilidad de inyección de argumento en Mail/sendmail.php en Mail package v1.1.14, v1.2.0b2, y probablemente otras versiones para PEAR permite a atacantes remotos leer y escribir archivos de su elección a través del parámetro $recipients manipulado y probablemente otros parámetros, una vulnerabilidad diferente que CVE-2009-4023. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://secunia.com/advisories/37458 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http://www.openwall.com/lists/oss-security/2009/11/28/2 http://www.securityfocus.com/bid/37395 https://bugs.gentoo.org/show_bug.cgi?id=294256 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. • http://marc.info/?l=bugtraq&m=111539448630095&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20670 •