Vulnerabilities (CVE)

Filtered by vendor Pineapp Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36720 1 Pineapp 1 Mail Secure 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies .
CVE-2013-6831 1 Pineapp 1 Mail-secure 5099sk 2024-11-21 7.2 HIGH N/A
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
CVE-2013-6830 1 Pineapp 1 Mail-secure 5099sk 2024-11-21 7.5 HIGH N/A
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
CVE-2013-6829 1 Pineapp 1 Mail-secure 2024-11-21 7.5 HIGH N/A
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVE-2013-6828 1 Pineapp 1 Mail-secure 2024-11-21 6.4 MEDIUM N/A
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
CVE-2013-6827 1 Pineapp 1 Mail-secure 2024-11-21 5.0 MEDIUM N/A
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
CVE-2013-4987 1 Pineapp 1 Mail-secure 2024-11-21 8.5 HIGH N/A
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.