Skip to main content

Aurora

6 CVEs product

Monthly

CVE-2024-27905 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Information Disclosure Oracle Aurora
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26294 HIGH POC THREAT This Week

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD GitHub
CVSS 3.1
7.5
EPSS
16.9%
CVE-2021-26293 CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-19129 MEDIUM This Month

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aurora Webmail Pro
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16238 MEDIUM POC This Month

Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aurora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2017-14597 MEDIUM POC This Month

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Aurora Webmail
NVD
CVSS 3.0
4.8
EPSS
0.2%
EPSS 1% CVSS 9.1
CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Information Disclosure +2
NVD
EPSS 17% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aurora Webmail Pro
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aurora
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Aurora +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy