Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-6086

EPSS 0.17% · P38
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-6086

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open Source Solutions ViMbAdmin 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open Source Solutions ViMbAdmin是爱尔兰Open Source Solutions公司的一套开源的基于Web的虚拟邮箱管理系统。该系统支持管理员管理域、邮件和别名等。 Open Source Solutions ViMbAdmin 3.0.15版本中的‘addAction’和‘purgeAction’函数存在跨站请求伪造漏洞。远程攻击者可借助POSR或GET请求利用该漏洞执行未授权的操作(例如:移除和添加管理员用户、更改管理员密码、添加和删除邮箱、检索邮箱地址、添加和移除别名
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-6086

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-6086

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-06-27 · 37 CVEs total

CVE-2015-7895Samsung Galaxy S6 Samsung Gallery 安全漏洞
CVE-2015-1778OpenDaylight 安全漏洞
CVE-2015-1795Red Hat Gluster 权限许可和访问控制问题漏洞
CVE-2015-2245Huawei Ascend P7 拒绝服务漏洞
CVE-2015-3840Android 安全漏洞
CVE-2015-5180glibc 代码问题漏洞
CVE-2015-5378Elasticsearch Logstash 安全漏洞
CVE-2015-7780ZOHO ManageEngine Firewall Analyzer 路径遍历漏洞
CVE-2015-7781ZOHO ManageEngine Firewall Analyzer 安全漏洞
CVE-2015-1591kamailio 权限许可和访问控制漏洞
CVE-2015-7898Samsung Galaxy S6 Samsung Gallery 安全漏洞
CVE-2015-8697Debian stalin 安全漏洞
CVE-2016-0959Adobe Flash Player 安全漏洞
CVE-2016-4383HPE Helion Openstack Glance glance-manage db 安全漏洞
CVE-2016-5414Red Hat FreeIPA 安全漏洞
CVE-2016-6342elog 安全漏洞
CVE-2016-7062Red Hat Storage Console和Storage Console Node 安全漏洞
CVE-2017-2491Apple Safari和iOS JavaScriptCore 安全漏洞
CVE-2017-9256Freeware Advanced Audio Decoder 2 安全漏洞
CVE-2017-9219Freeware Advanced Audio Decoder 2 缓冲区错误漏洞

Showing top 20 of 37 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-6086

No comments yet

Leave a comment