12 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Escalado de privilegios locales en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Cross-Site Scripting (XSS) en WebConsole en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Existe Cross-Site Request Forgery (CSRF) que conduce a la toma de control de una cuenta administrativa en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Inyección de archivos de configuración provoca ejecución de código como Root en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. Vulnerabilidad de XSS en index.php en Aker Secure Mail Gateway 2.5.2 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro msg_id. AKER Secure Mail Gateway versions 2.5.2 and below suffer from multiple reflective cross site scripting vulnerabilities. • http://www.kb.cert.org/vuls/id/687278 http://www.securityfocus.com/bid/66024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •