CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

ZUSOART ID

ZA-2023-06

CVE ID

CVE-2023-34209

Vulnerability Type

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0)

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function of EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

Vendor

EasyUse Digital Technology

Product

Category

Version affected

EasyUse MailHunter Ultimate

2023 and earlier

Product Support

Contact EasyUse Digital Technology for version updates.

Release date

2023/10/17

Credit

Yi-Lin Ho (Leo Ho) of ZUSO ART

Headline

CVE-2023-34209: ZUSO Generation 如梭世代

CVE: Latest News