Sourcenext
Products
7- 7 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2252 | Hig | 0.51 | 7.8 | 0.01 | Jul 17, 2017 | Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2024-5670 | 0.00 | — | 0.01 | Jul 29, 2024 | The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server. | |||
| CVE-2023-48382 | 0.00 | — | 0.01 | Dec 15, 2023 | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific… | |||
| CVE-2023-48381 | 0.00 | — | 0.01 | Dec 15, 2023 | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to… | |||
| CVE-2023-48380 | 0.00 | — | 0.01 | Dec 15, 2023 | Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary… | |||
| CVE-2023-48379 | 0.00 | — | 0.01 | Dec 15, 2023 | Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | |||
| CVE-2023-48378 | 0.00 | — | 0.01 | Dec 15, 2023 | Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||
| CVE-2022-40742 | 0.00 | — | 0.01 | Oct 31, 2022 | Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not… | |||
| CVE-2008-4429 | 0.00 | — | 0.03 | Oct 3, 2008 | Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details… | |||
| CVE-2007-1611 | 0.00 | — | 0.01 | Mar 22, 2007 | Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. |
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2024-5670Jul 29, 2024risk 0.00cvss —epss 0.01
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.
- CVE-2023-48382Dec 15, 2023risk 0.00cvss —epss 0.01
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific…
- CVE-2023-48381Dec 15, 2023risk 0.00cvss —epss 0.01
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to…
- CVE-2023-48380Dec 15, 2023risk 0.00cvss —epss 0.01
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary…
- CVE-2023-48379Dec 15, 2023risk 0.00cvss —epss 0.01
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.
- CVE-2023-48378Dec 15, 2023risk 0.00cvss —epss 0.01
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
- CVE-2022-40742Oct 31, 2022risk 0.00cvss —epss 0.01
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not…
- CVE-2008-4429Oct 3, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details…
- CVE-2007-1611Mar 22, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.