Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

V-webmail Security Vulnerabilities

cve
cve

CVE-2008-6840

Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f)...

7.8AI Score

0.029EPSS

2009-07-01 01:00 PM
29
cve
cve

CVE-2008-3061

Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to...

7.4AI Score

0.002EPSS

2008-10-08 12:09 AM
15
cve
cve

CVE-2008-3060

V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error...

7AI Score

0.004EPSS

2008-10-08 12:00 AM
20
cve
cve

CVE-2008-3063

SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username...

9.3AI Score

0.001EPSS

2008-10-08 12:00 AM
26
cve
cve

CVE-2006-2665

PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir]...

8.3AI Score

0.032EPSS

2006-05-30 09:02 PM
21
4
cve
cve

CVE-2006-2666

PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir]...

7.6AI Score

0.042EPSS

2006-05-30 09:02 PM
35
cve
cve

CVE-2006-0794

help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

7.2AI Score

0.007EPSS

2006-02-19 09:02 PM
26
cve
cve

CVE-2006-0792

Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

6.1AI Score

0.005EPSS

2006-02-19 09:02 PM
27
cve
cve

CVE-2006-0793

frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

7.3AI Score

0.011EPSS

2006-02-19 09:02 PM
17