VYPR
Vendor

Sourcenext

Products
7
CVEs
10
Across products
13
Status
Private

Products

7

Recent CVEs

10
  • CVE-2017-2252HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2024-5670Jul 29, 2024
    risk 0.00cvss epss 0.01

    The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.

  • CVE-2023-48382Dec 15, 2023
    risk 0.00cvss epss 0.01

    Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific…

  • CVE-2023-48381Dec 15, 2023
    risk 0.00cvss epss 0.01

    Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to…

  • CVE-2023-48380Dec 15, 2023
    risk 0.00cvss epss 0.01

    Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary…

  • CVE-2023-48379Dec 15, 2023
    risk 0.00cvss epss 0.01

    Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

  • CVE-2023-48378Dec 15, 2023
    risk 0.00cvss epss 0.01

    Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

  • CVE-2022-40742Oct 31, 2022
    risk 0.00cvss epss 0.01

    Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not…

  • CVE-2008-4429Oct 3, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details…

  • CVE-2007-1611Mar 22, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.