VYPR
Vendor

Pineapp

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2021-36719HigDec 8, 2021
    risk 0.57cvss 8.8epss 0.01

    PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code.

  • CVE-2021-36720MedDec 8, 2021
    risk 0.40cvss 6.1epss 0.01

    PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url= and stealing cookies .

  • CVE-2020-8275MedJan 6, 2021
    risk 0.28cvss 4.3epss 0.02

    Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would…

  • CVE-2013-6829Nov 20, 2013
    risk 0.09cvss epss 0.78

    admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.

  • CVE-2013-6830Nov 20, 2013
    risk 0.04cvss epss 0.09

    admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.

  • CVE-2013-6831Nov 20, 2013
    risk 0.03cvss epss 0.01

    PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.

  • CVE-2013-4987Nov 8, 2013
    risk 0.03cvss epss 0.03

    PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.

  • CVE-2013-6828Nov 20, 2013
    risk 0.00cvss epss 0.01

    admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.

  • CVE-2013-6827Nov 20, 2013
    risk 0.00cvss epss 0.01

    Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.