Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rediff | bol_downloader_activex_ocx_control | * |
The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout.
CVSS 2.0
Severity: LOW
Problem Type: CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rediff | rediffmail | 2.2.6 |