Antoine Nguyen

14 exploits Active since Jan 2023
CVE-2023-0860 WRITEUP HIGH WRITEUP
modoboa installer < 2.0.4 - Improper Restriction of Excessive Authentication Attempts
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
CVSS 7.5
CVE-2026-27602 WRITEUP HIGH WRITEUP
Modoboa <2.7.1 Domain Names - Authenticated OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server. Version 2.7.1 patches the issue.
CVSS 7.2
CVE-2023-0398 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.4 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 6.5
CVE-2023-0406 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.4 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 4.3
CVE-2023-0438 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.4 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 6.5
CVE-2023-0470 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.4 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 5.4
CVE-2023-0519 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.4 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 5.4
CVE-2023-0949 WRITEUP MEDIUM WRITEUP
modoboa < 2.0.5 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
CVSS 4.8
CVE-2023-2160 WRITEUP MEDIUM WRITEUP
modoboa/modoboa <2.1.0 - Info Disclosure
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 6.3
CVE-2023-2227 WRITEUP CRITICAL WRITEUP
modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 9.1
CVE-2023-2228 WRITEUP MEDIUM WRITEUP
modoboa < 2.1.0 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 6.8
CVE-2023-5688 WRITEUP MEDIUM WRITEUP
modoboa < 2.2.2 - DOM-Based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 5.4
CVE-2023-5689 WRITEUP MEDIUM WRITEUP
modoboa < 2.2.2 - DOM-based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 5.4
CVE-2023-5690 WRITEUP HIGH WRITEUP
modoboa < 2.2.2 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 8.8