Mail.ru
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10716 | Med | 0.35 | 5.4 | 0.01 | Mar 16, 2018 | The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI. | ||
| CVE-2009-4739 | 0.03 | — | 0.02 | Mar 26, 2010 | PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||
| CVE-2009-4700 | 0.03 | — | 0.03 | Mar 15, 2010 | Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter. | |||
| CVE-2014-5804 | 0.00 | — | 0.00 | Sep 9, 2014 | The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
- risk 0.35cvss 5.4epss 0.01
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
- CVE-2009-4739Mar 26, 2010risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
- CVE-2009-4700Mar 15, 2010risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
- CVE-2014-5804Sep 9, 2014risk 0.00cvss —epss 0.00
The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.