pinpinsec - Security Researcher - Exploit Intelligence Platform

CVE-2023-0400 NOMISEC MEDIUM WRITEUP

DLP for Windows <11.10.0 - Privilege Escalation

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

CVSS 5.9

View Code

CVE-2020-14065 NOMISEC MEDIUM WRITEUP

Icewarp Mail Server - Unrestricted File Upload

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.

CVSS 6.5

View Code

CVE-2020-14066 NOMISEC HIGH WRITEUP

Icewarp Mail Server - Unrestricted File Upload

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

CVSS 8.8

View Code