25 matches found
EUVD-2006-6684
Malware in sbrugna...
EUVD-2008-4911
Malware in sbrugna...
EUVD-2010-4894
Malware in sbrugna...
CVE-2012-1920
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
CVE-2012-1917
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence...
Information disclosure
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
Directory traversal
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence...
CVE-2012-1917
CVE-2012-1917 affects AtMail Open-Source (compose.php in the @Mail WebMail Client) prior to version 1.05. The root cause is improper handling of ../ sequences in the unique parameter, allowing remote attackers to perform directory traversal and read arbitrary files via a ..././ sequence. Document...
CVE-2012-1916
CVE-2012-1916 affects the @Mail WebMail Client in AtMail Open-Source prior to version 1.05. The issue allows remote attackers to execute arbitrary code by delivering an email with an attachment that has an executable extension, resulting in creation of an executable file under tmp/. This is descr...
CVE-2012-1917
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence...
CVE-2012-1919
CVE-2012-1919 affects AtMail Open-Source’s @Mail WebMail Client (mime.php) prior to version 1.05. The vulnerability is a CRLF injection that allows a remote attacker to perform directory traversal and read arbitrary files by injecting a %0A sequence followed by .. in the file parameter, enabling ...
CVE-2012-1920
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
CVE-2012-1918
CVE-2012-1918 affects AtMail Open-Source WebMail Client (before 1.05). Vulnerable components are compose.php and libs/Atmail/SendMsg.php, with a directory traversal flaw that allows remote attackers to read arbitrary files via a .. in the Attachment[] parameter. Impact described as reading arbitr...
CVE-2012-1920
The CVE-2012-1920 issue affects the @Mail WebMail Client in AtMail Open-Source 1.04 and earlier. A remote attacker can obtain configuration information by issuing a direct request to install/info.php, which calls phpinfo. This is an information-disclosure vulnerability in the WebMail component. T...
CVE-2010-4930
The CVE-2010-4930 entry describes a cross-site scripting (XSS) vulnerability in Atmail WebMail prior to 6.2.0. The issue arises in index.php where the MailType parameter used in a mail/auth/processlogin action can be exploited to inject arbitrary script/HTML into a user’s browser. Affected produc...
Remote code execution
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web...
CVE-2008-4932
CVE-2008-4932 affects U-Mail Webmail server 4.91 via webmail/modules/filesystem/edit.php. An attacker can remotely overwrite arbitrary files by supplying an absolute pathname in the path parameter and arbitrary content in the content parameter; writing PHP code to a file within the web document r...
U-Mail Webmail 4.91 (edit.php) Arbitrary File Write Vulnerability
No description provided by source. U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91; Vendors: www.comingchina.com; Category: Input Validation Error; Impact: An attacker can write arbitrary data to new files; Author: Shennan...
U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability
U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91; Vendors: www.comingchina.com; Category: Input Validation Error; Impact: An attacker can write arbitrary data to new files; Author: Shennan Wang; Date: 2008-10-30; Web:...
U-Mail Webmail 4.91 - 'edit.php' Arbitrary File Write
U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91; Vendors: www.comingchina.com; Category: Input Validation Error; Impact: An attacker can write arbitrary data to new files; Author: Shennan Wang; Date: 2008-10-30; Web:...