Filtered by vendor Mailcleaner Subscriptions
Filtered by product Mailcleaner Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-55560 1 Mailcleaner 1 Mailcleaner 2024-12-09 9.8 Critical
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
CVE-2019-1010246 1 Mailcleaner 1 Mailcleaner 2024-11-21 N/A
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9.
CVE-2018-20323 1 Mailcleaner 1 Mailcleaner 2024-11-21 N/A
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
CVE-2018-18635 1 Mailcleaner 1 Mailcleaner 2024-11-21 N/A
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.