Hgiga

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22851 1Hgiga 1Oaklouds Openid Nov 21, 2024 Jan 19, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
CVE-2021-22850 1Hgiga 1Oaklouds Portal Nov 21, 2024 Jan 19, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
CVE-2020-35851 1Hgiga 2Msr45 Isherlock User Ssr45 Isherlock User Nov 21, 2024 Dec 31, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CVE-2020-35743 1Hgiga 4Msr45 Isherlock Antispam Msr45 Isherlock UserSsr45 Isherlock Antispam+1 more Nov 21, 2024 Dec 31, 2020 N/A· v4 7.6 HIGH· v3 6.5 MEDIUM· v2 HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
CVE-2020-35742 1Hgiga 4Msr45 Isherlock Antispam Msr45 Isherlock UserSsr45 Isherlock Antispam+1 more Nov 21, 2024 Dec 31, 2020 N/A· v4 7.6 HIGH· v3 6.5 MEDIUM· v2 HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
CVE-2020-35741 1Hgiga 4Msr45 Isherlock Antispam Msr45 Isherlock UserSsr45 Isherlock Antispam+1 more Nov 21, 2024 Dec 31, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
CVE-2020-35740 1Hgiga 4Msr45 Isherlock Antispam Msr45 Isherlock UserSsr45 Isherlock Antispam+1 more Nov 21, 2024 Dec 31, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
CVE-2020-25850 1Hgiga 2Msr45 Isherlock User Ssr45 Isherlock User Nov 21, 2024 Dec 31, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
CVE-2020-25848 1Hgiga 10Msr45 Isherlock Antispam Msr45 Isherlock AuditMsr45 Isherlock Base+7 more Nov 21, 2024 Dec 31, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
CVE-2020-10512 1Hgiga 1Oaklouds Ccm@il Nov 21, 2024 Apr 15, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter t...Show more HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.Show less
CVE-2020-10511 1Hgiga 1Oaklouds Ccm@il Nov 21, 2024 Apr 15, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted...Show more HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.Show less
CVE-2019-9883 1Hgiga 8Msr35 Isherlock Base Msr35 Isherlock SysinfoMsr35 Isherlock User+5 more Nov 21, 2024 Jun 3, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=...Show more Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.Show less
CVE-2019-9882 1Hgiga 8Msr35 Isherlock Base Msr35 Isherlock SysinfoMsr35 Isherlock User+5 more Nov 21, 2024 Jun 3, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&ne...Show more Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.Show less
CVE-2018-17542 1Hgiga 1Oaklouds Mailsherlock Nov 21, 2024 Feb 11, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi requ...Show more SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.Show less

Previous 12