Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by OAKlouds
CVE-2019-9883 (GCVE-0-2019-9883)
Vulnerability from cvelistv5 – Published: 2019-06-03 18:03 – Updated: 2024-08-04 22:01
VLAI
Title
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account.
Summary
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201904003 | x_refsource_MISC |
| http://surl.twcert.org.tw/mChNi | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OAKlouds | MailSherlock MSR35 |
Affected:
iSherlock-base , < 1.5-328
(custom)
Affected: iSherlock-useradmin , < 1.5-239 (custom) Affected: iSherlock-sysinfo , < 1.5-196 (custom) Affected: iSherlock-user , < 1.5-127 (custom) |
|
| OAKlouds | MailSherlock MSR45 |
Affected:
iSherlock-base , < 4.5-206
(custom)
Affected: iSherlock-useradmin , < 4.5-106 (custom) Affected: iSherlock-sysinfo , < 4.5-109 (custom) Affected: iSherlock-user , < 4.5-81 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/mChNi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock MSR35",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5-328",
"status": "affected",
"version": "iSherlock-base",
"versionType": "custom"
},
{
"lessThan": "1.5-239",
"status": "affected",
"version": "iSherlock-useradmin",
"versionType": "custom"
},
{
"lessThan": "1.5-196",
"status": "affected",
"version": "iSherlock-sysinfo",
"versionType": "custom"
},
{
"lessThan": "1.5-127",
"status": "affected",
"version": "iSherlock-user",
"versionType": "custom"
}
]
},
{
"product": "MailSherlock MSR45",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "4.5-206",
"status": "affected",
"version": "iSherlock-base",
"versionType": "custom"
},
{
"lessThan": "4.5-106",
"status": "affected",
"version": "iSherlock-useradmin",
"versionType": "custom"
},
{
"lessThan": "4.5-109",
"status": "affected",
"version": "iSherlock-sysinfo",
"versionType": "custom"
},
{
"lessThan": "4.5-81",
"status": "affected",
"version": "iSherlock-user",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "AurOraD@d"
}
],
"descriptions": [
{
"lang": "en",
"value": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=\u0026wk_group=full\u0026cf_name=test\u0026cf_account=test\u0026cf_email=\u0026cf_acl=Management\u0026apply_lang=\u0026dn= without any authorizes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T18:03:21.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://surl.twcert.org.tw/mChNi"
}
],
"source": {
"discovery": "USER"
},
"title": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account.",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"ID": "CVE-2019-9883",
"STATE": "PUBLIC",
"TITLE": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock MSR35",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "iSherlock-base",
"version_value": "1.5-328"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-useradmin",
"version_value": "1.5-239"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-sysinfo",
"version_value": "1.5-196"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-user",
"version_value": "1.5-127"
}
]
}
},
{
"product_name": "MailSherlock MSR45",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "iSherlock-base",
"version_value": "4.5-206"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-useradmin",
"version_value": "4.5-106"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-sysinfo",
"version_value": "4.5-109"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-user",
"version_value": "4.5-81"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "AurOraD@d"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=\u0026wk_group=full\u0026cf_name=test\u0026cf_account=test\u0026cf_email=\u0026cf_acl=Management\u0026apply_lang=\u0026dn= without any authorizes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003"
},
{
"name": "http://surl.twcert.org.tw/mChNi",
"refsource": "MISC",
"url": "http://surl.twcert.org.tw/mChNi"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-9883",
"datePublished": "2019-06-03T18:03:21.000Z",
"dateReserved": "2019-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:01:54.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9882 (GCVE-0-2019-9882)
Vulnerability from cvelistv5 – Published: 2019-06-03 18:03 – Updated: 2024-08-04 22:01
VLAI
Title
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.
Summary
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201904002 | x_refsource_MISC |
| http://surl.twcert.org.tw/MtWeJ | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OAKlouds | MailSherlock MSR35 |
Affected:
iSherlock-base , < 1.5-328
(custom)
Affected: iSherlock-useradmin , < 1.5-239 (custom) Affected: iSherlock-sysinfo , < 1.5-196 (custom) Affected: iSherlock-user , < 1.5-127 (custom) |
|
| OAKlouds | MailSherlock MSR45 |
Affected:
iSherlock-base , < 4.5-206
(custom)
Affected: iSherlock-useradmin , < 4.5-106 (custom) Affected: iSherlock-sysinfo , < 4.5-109 (custom) Affected: iSherlock-user , < 4.5-81 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/MtWeJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock MSR35",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5-328",
"status": "affected",
"version": "iSherlock-base",
"versionType": "custom"
},
{
"lessThan": "1.5-239",
"status": "affected",
"version": "iSherlock-useradmin",
"versionType": "custom"
},
{
"lessThan": "1.5-196",
"status": "affected",
"version": "iSherlock-sysinfo",
"versionType": "custom"
},
{
"lessThan": "1.5-127",
"status": "affected",
"version": "iSherlock-user",
"versionType": "custom"
}
]
},
{
"product": "MailSherlock MSR45",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "4.5-206",
"status": "affected",
"version": "iSherlock-base",
"versionType": "custom"
},
{
"lessThan": "4.5-106",
"status": "affected",
"version": "iSherlock-useradmin",
"versionType": "custom"
},
{
"lessThan": "4.5-109",
"status": "affected",
"version": "iSherlock-sysinfo",
"versionType": "custom"
},
{
"lessThan": "4.5-81",
"status": "affected",
"version": "iSherlock-user",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "AurOraD@d"
}
],
"descriptions": [
{
"lang": "en",
"value": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=\u0026type=email\u0026category=white\u0026locate=big5\u0026cmd=add\u0026new=hacker@socialengineering.com\u0026new_memo=\u0026add=%E6%96%B0%E5%A2%9E without any authorizes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T18:03:21.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://surl.twcert.org.tw/MtWeJ"
}
],
"source": {
"discovery": "USER"
},
"title": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"ID": "CVE-2019-9882",
"STATE": "PUBLIC",
"TITLE": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock MSR35",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "iSherlock-base",
"version_value": "1.5-328"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-useradmin",
"version_value": "1.5-239"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-sysinfo",
"version_value": "1.5-196"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-user",
"version_value": "1.5-127"
}
]
}
},
{
"product_name": "MailSherlock MSR45",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "iSherlock-base",
"version_value": "4.5-206"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-useradmin",
"version_value": "4.5-106"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-sysinfo",
"version_value": "4.5-109"
},
{
"version_affected": "\u003c",
"version_name": "iSherlock-user",
"version_value": "4.5-81"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "AurOraD@d"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=\u0026type=email\u0026category=white\u0026locate=big5\u0026cmd=add\u0026new=hacker@socialengineering.com\u0026new_memo=\u0026add=%E6%96%B0%E5%A2%9E without any authorizes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002"
},
{
"name": "http://surl.twcert.org.tw/MtWeJ",
"refsource": "MISC",
"url": "http://surl.twcert.org.tw/MtWeJ"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-9882",
"datePublished": "2019-06-03T18:03:21.000Z",
"dateReserved": "2019-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:01:54.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17542 (GCVE-0-2018-17542)
Vulnerability from cvelistv5 – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
VLAI
Title
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
Summary
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Severity
4.3 (Medium)
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://twcert.org.tw/subpages/ServeThePublic/pub… | x_refsource_CONFIRM |
| https://twcert.org.tw/subpages/ServeThePublic/pub… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OAKlouds | MailSherlock |
Affected:
unspecified , < 1.5.235
(custom)
|
Date Public
2018-11-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5.235",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Researcher from a Technology enterprise"
}
],
"datePublic": "2018-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T19:57:01.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"ID": "CVE-2018-17542",
"STATE": "PUBLIC",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.5.235"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2018-17542",
"datePublished": "2019-02-11T20:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:54:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}