219 matches found
Atmail Webmail 7.2 - Multiple Vulnerabilities
Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET - viewmessageTabNumber Request:...
Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
No description provided by source. Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website :...
atmail email server appliance 6.4 - Stored XSS - csrf - rce
No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...
Atmail Webmail < 5.4.2 (5.42) Multiple Information Disclosure Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is a version prior to 5.4.2 5.42. It is, therefore, potentially affected by the following vulnerabilities : - A weak permissions error exists related to the files 'webmail/libs/Atmail/Config.php' and...
Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery
According to its version, the Atmail Webmail install on the remote host is 4.5.1 4.51 or 5.x prior to 5.0.3 5.03. It is, therefore, potentially affected by an input-validate error in the file 'util.pl' that could allow cross-site request forgery XSRF attacks. %NASLMINLEVEL 70300 C Tenable Network...
Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is 6.x or 7.x prior to 7.2.0. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to email handling that could allow persistent cross-site scripting attacks XSS...
Atmail Webmail < 6.5.0 'DOM processor' XSS
According to its version, the Atmail Webmail install on the remote host is a version prior to 6.5.0. It is, therefore, potentially affected by an input validation error related to the 'DOM processor' and 'script' tags that could allow cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable...
Atmail Webmail 3.x < 3.6.4 (3.64) Multiple Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is 3.x prior to 3.6.4 3.64. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the script 'showmail.pl' and the 'Folder' parameter that could allow...
Atmail Webmail < 6.3.5 Multiple XSS Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is a version prior to 6.3.5. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to log search functionality and the 'range' and 'index' parameters. - An input...
Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is version 6.x prior to 6.6.4 or 7.x prior to 7.1.2. It is, therefore potentially affected by numerous, unspecified errors having unspecified impacts via unspecified vectors. %NASLMINLEVEL 70300 C Tenable Network Security, In...
Atmail Webmail < 6.6.2 Exim Buffer Overflow
According to its version, the Atmail Webmail install on the remote host is a version prior to 6.6.2. It is, therefore, potentially affected by an error in the included Exim component related to the 'dkimeximquerydnstxt' function and DNS record parsing that could allow a buffer overflow and possib...
Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS
According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 4.61. It is, therefore, potentially affected by an input-validate error in the file 'Global.pm' that could allow cross-site scripting XSS attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS
According to its version, the Atmail Webmail install on the remote host is version 6.6.x prior to 6.6.3 or 7.x prior to 7.0.3. It is, therefore, potentially affected by an input validation error related to the script '/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/' and the 'File...
CVE-2013-2585
Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...
Cross site scripting
Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...
CVE-2013-2585
Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...
CVE-2013-2585
CVE-2013-2585 is an XSS vulnerability in Atmail Webmail Server affecting 6.6.x before 6.6.3 and 7.x before 7.0.3. The flaw permits injection of arbitrary script/HTML via PATH_INFO in index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/ (File Name parameter). Related e...
CVE-2013-6229
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...
CVE-2013-6229
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...