It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. This could allow a remote attacker to load arbitrary JavaScript code. An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. The associated identifier of this vulnerability is VDB-243131. The exploit has been disclosed to the public and may be used. The manipulation of the argument email leads to SQL injection. This issue affects some unknown processing of the file pages_reset_pwd.php. The identifier VDB-243133 was assigned to this vulnerability. A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. A security vulnerability has been identified in mailcow affecting versions alert(9860) leads to cross site scripting. Mailcow is a dockerized email package, with multiple containers linked in one bridged network.