MidnightBSD

Advisories for seeds

CVE-2014-3896 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
seeds acmailer *
CVE-2015-2971 MEDIUM

Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
seeds acmailer 3.9.10
seeds acmailer 3.9.0
seeds acmailer 3.9.7
seeds acmailer 3.9.11
seeds acmailer 3.9.4
seeds acmailer 3.9.5
seeds acmailer 3.9.2
seeds acmailer 3.9.6
seeds acmailer 3.9.8
seeds acmailer 3.9.9
seeds acmailer 3.9.3
seeds acmailer *
seeds acmailer 3.9.1
CVE-2016-1142 HIGH

Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
seeds acmailer 3.9.10
seeds acmailer 3.9.14
seeds acmailer 3.9.0
seeds acmailer 3.9.7
seeds acmailer 3.9.11
seeds acmailer 3.9.4
seeds acmailer 3.9.12
seeds acmailer 3.9.5
seeds acmailer 3.9.2
seeds acmailer 3.9.6
seeds acmailer 3.9.8
seeds acmailer 3.9.9
seeds acmailer 3.9.3
seeds acmailer *
seeds acmailer 3.9.1