Lucene search

K

SLmail Security Vulnerabilities

cve
cve

CVE-2023-4594

Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm...

6.1CVSS

5.1AI Score

0.0004EPSS

2023-11-23 01:15 PM
21
cve
cve

CVE-2023-4595

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of....

7.5CVSS

6.3AI Score

0.001EPSS

2023-11-23 01:15 PM
20
cve
cve

CVE-2023-4593

Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm...

6.5CVSS

6.3AI Score

0.001EPSS

2023-11-23 01:15 PM
21
cve
cve

CVE-2008-1689

Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party...

6.7AI Score

0.023EPSS

2008-04-07 05:44 PM
25
cve
cve

CVE-2008-1691

Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party...

6.6AI Score

0.014EPSS

2008-04-07 05:44 PM
19
cve
cve

CVE-2008-1690

WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from...

8.2AI Score

0.192EPSS

2008-04-07 05:44 PM
17
cve
cve

CVE-2004-0357

Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3)...

8.2AI Score

0.054EPSS

2004-11-23 05:00 AM
31
cve
cve

CVE-2004-0356

Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP...

8.5AI Score

0.047EPSS

2004-11-23 05:00 AM
28
cve
cve

CVE-2003-0264

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3...

8AI Score

0.242EPSS

2003-05-27 04:00 AM
65
2
cve
cve

CVE-1999-0380

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the...

6.8AI Score

0.0004EPSS

2002-03-09 05:00 AM
35
cve
cve

CVE-1999-0231

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote...

7.1AI Score

0.04EPSS

2000-02-04 05:00 AM
26