Lucene search
K

219 matches found

Exploit DB
Exploit DB
added 2014/09/08 12:0 a.m.23 views

Atmail Webmail 7.2 - Multiple Vulnerabilities

Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET - viewmessageTabNumber Request:...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure

No description provided by source. Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

atmail email server appliance 6.4 - Stored XSS - csrf - rce

No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.39 views

Atmail Webmail < 5.4.2 (5.42) Multiple Information Disclosure Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is a version prior to 5.4.2 5.42. It is, therefore, potentially affected by the following vulnerabilities : - A weak permissions error exists related to the files 'webmail/libs/Atmail/Config.php' and...

7.8CVSS5.6AI score0.02076EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.24 views

Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery

According to its version, the Atmail Webmail install on the remote host is 4.5.1 4.51 or 5.x prior to 5.0.3 5.03. It is, therefore, potentially affected by an input-validate error in the file 'util.pl' that could allow cross-site request forgery XSRF attacks. %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS5.2AI score0.00956EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.368 views

Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is 6.x or 7.x prior to 7.2.0. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to email handling that could allow persistent cross-site scripting attacks XSS...

6.8CVSS5.4AI score0.04373EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.19 views

Atmail Webmail < 6.5.0 'DOM processor' XSS

According to its version, the Atmail Webmail install on the remote host is a version prior to 6.5.0. It is, therefore, potentially affected by an input validation error related to the 'DOM processor' and 'script' tags that could allow cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable...

5.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.29 views

Atmail Webmail 3.x < 3.6.4 (3.64) Multiple Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is 3.x prior to 3.6.4 3.64. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the script 'showmail.pl' and the 'Folder' parameter that could allow...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.32 views

Atmail Webmail < 6.3.5 Multiple XSS Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is a version prior to 6.3.5. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to log search functionality and the 'range' and 'index' parameters. - An input...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.47 views

Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is version 6.x prior to 6.6.4 or 7.x prior to 7.1.2. It is, therefore potentially affected by numerous, unspecified errors having unspecified impacts via unspecified vectors. %NASLMINLEVEL 70300 C Tenable Network Security, In...

10CVSS5.5AI score0.01669EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.82 views

Atmail Webmail < 6.6.2 Exim Buffer Overflow

According to its version, the Atmail Webmail install on the remote host is a version prior to 6.6.2. It is, therefore, potentially affected by an error in the included Exim component related to the 'dkimeximquerydnstxt' function and DNS record parsing that could allow a buffer overflow and possib...

6.8CVSS7.7AI score0.08382EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.40 views

Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS

According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 4.61. It is, therefore, potentially affected by an input-validate error in the file 'Global.pm' that could allow cross-site scripting XSS attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

6.8CVSS5AI score0.01143EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/04/18 12:0 a.m.30 views

Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS

According to its version, the Atmail Webmail install on the remote host is version 6.6.x prior to 6.6.3 or 7.x prior to 7.0.3. It is, therefore, potentially affected by an input validation error related to the script '/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/' and the 'File...

4.3CVSS5.3AI score0.01892EPSS
Exploits2References3
NVD
NVD
added 2014/02/12 6:55 p.m.32 views

CVE-2013-2585

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

4.3CVSS5.6AI score0.01892EPSS
Exploits2References3
Prion
Prion
added 2014/02/12 6:55 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

4.3CVSS6AI score0.01892EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2014/02/12 6:0 p.m.32 views

CVE-2013-2585

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

5.6AI score0.01892EPSS
Exploits2References3
CVE
CVE
added 2014/02/12 6:0 p.m.59 views

CVE-2013-2585

CVE-2013-2585 is an XSS vulnerability in Atmail Webmail Server affecting 6.6.x before 6.6.3 and 7.x before 7.0.3. The flaw permits injection of arbitrary script/HTML via PATH_INFO in index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/ (File Name parameter). Related e...

4.3CVSS5.7AI score0.01892EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2014/02/12 3:55 p.m.33 views

CVE-2013-6229

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

4.3CVSS5.6AI score0.01779EPSS
Exploits2References2
Prion
Prion
added 2014/02/12 3:55 p.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

4.3CVSS6AI score0.01892EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2014/02/12 3:0 p.m.34 views

CVE-2013-6229

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

5.6AI score0.01779EPSS
Exploits2References2
Rows per page
Query Builder