Pineapp: Security Vulnerabilities
PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies .
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-08
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
CVSS Score
5.0
EPSS Score
0.002
Published
2013-11-20
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-11-20
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVSS Score
7.5
EPSS Score
0.719
Published
2013-11-20
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
CVSS Score
7.5
EPSS Score
0.079
Published
2013-11-20
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
CVSS Score
7.2
EPSS Score
0.002
Published
2013-11-20
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
CVSS Score
8.5
EPSS Score
0.076
Published
2013-11-08