Skip to main content

Mail Secure

6 CVEs product

Monthly

CVE-2021-36720 MEDIUM This Month

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Mail Secure
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36719 HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2013-6829 HIGH POC THREAT Act Now

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.9%.

Code Injection RCE Mail Secure
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
71.9%
Threat
5.2
CVE-2013-6828 MEDIUM This Month

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail Secure
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6827 MEDIUM This Month

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Mail Secure
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4987 HIGH POC THREAT Act Now

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Mail Secure
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
11.2%
EPSS 1% CVSS 6.1
MEDIUM This Month

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Mail Secure
NVD
EPSS 1% CVSS 8.8
HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
EPSS 72% 5.2 CVSS 7.5
HIGH POC THREAT Act Now

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.9%.

Code Injection RCE Mail Secure
NVD Exploit-DB
EPSS 0% CVSS 6.4
MEDIUM This Month

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail Secure
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Mail Secure
NVD
EPSS 11% CVSS 8.5
HIGH POC THREAT Act Now

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Mail Secure
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy