MidnightBSD

Advisories for pineapp

CVE-2013-4987 HIGH

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pineapp mail-secure *
CVE-2013-6827 MEDIUM

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
pineapp mail-secure -
CVE-2013-6828 MEDIUM

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
pineapp mail-secure -
CVE-2013-6829 HIGH

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
pineapp mail-secure -
CVE-2013-6830 HIGH

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
pineapp mail-secure_5099sk *
CVE-2013-6831 HIGH

PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pineapp mail-secure_5099sk *
CVE-2021-36720 MEDIUM

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pineapp mail_secure *