Vulnerabilities > Hgiga
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-31 | CVE-2020-25850 | Unspecified vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User The function, view the source code, of HGiga MailSherlock does not validate specific characters. | 7.5 |
| 2020-12-31 | CVE-2020-25848 | Improper Authentication vulnerability in Hgiga products HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | 9.8 |
| 2020-04-15 | CVE-2020-10512 | SQL Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. | 8.8 |
| 2020-04-15 | CVE-2020-10511 | OS Command Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. | 9.8 |
| 2019-06-03 | CVE-2019-9883 | Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. | 8.8 |
| 2019-06-03 | CVE-2019-9882 | Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. | 8.8 |
| 2019-02-11 | CVE-2018-17542 | SQL Injection vulnerability in Hgiga Oaklouds Mailsherlock SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | 5.3 |