Mail Secure
by Pineapp
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36719 | | High | 0.57 | 8.8 | 0.01 | | Dec 8, 2021 | PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code. |
| CVE-2021-36720 | | Med | 0.40 | 6.1 | 0.01 | | Dec 8, 2021 | PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url= and stealing cookies. |
| CVE-2020-8275 | | Med | 0.28 | 4.3 | 0.02 | | Jan 6, 2021 | Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would… |
| CVE-2013-6829 | | | 0.09 | — | 0.78 | | Nov 20, 2013 | admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. |
| CVE-2013-6830 | | | 0.04 | — | 0.09 | | Nov 20, 2013 | admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation. |
| CVE-2013-6831 | | | 0.03 | — | 0.01 | | Nov 20, 2013 | PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account. |
| CVE-2013-4987 | | | 0.03 | — | 0.03 | | Nov 8, 2013 | PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. |
| CVE-2013-6828 | | | 0.00 | — | 0.01 | | Nov 20, 2013 | admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. |
| CVE-2013-6827 | | | 0.00 | — | 0.01 | | Nov 20, 2013 | Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. |