123 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1230
The CVE-2016-1230 entry concerns WebARENA Service formmail by NTT PC Communications, with an XSS vulnerability in formmail before 2.2.1. The connected sources (e.g., JVN entries and CNVD/NVD records) confirm a cross-site scripting flaw (CWE-79) affecting formmail 2.2 and earlier, allowing an atta...
CVE-2016-1230
Cross-site scripting XSS vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
WebARENA formmail vulnerable to cross-site scripting
Overview formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#24143619: WebARENA formmail vulnerable to cross-site scripting
formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...
FormMail Cross-Site Scripting Vulnerability
FormMail is a cross-platform with Perl implementation of Web-based mail gateway products . A cross-site scripting vulnerability exists in FormMail 2.2 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Matt Wright FormMail Multiple cross-site scripting (XSS) vulnerabilities (CVE-2009-1776; CVE-2009-1777)
FormMail is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal...
FormMail-Clone Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious lin...
formmail 1.92 Multiple Vulnerabilities
No description provided by source. FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor...
Matt Wright FormMail 1.6/1.7/1.8 Environmental Variables Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to...
Matt Wright FormMail 1.x Cross-Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2080/info FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote syste...
FormMail 1.92 Multiple Remote Vulnerabilities
No description provided by source. FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor...
formmail 1.92 - Multiple Vulnerabilities
FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor http://www.scriptarchive.com/formmail.html Advisory...
FormMail 1.92 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ============================================= FormMail 1.92 Multiple Remote Vulnerabilities ============================================= FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected...
formmail 1.92 - Multiple Vulnerabilities
formmail 1.92 - Multiple Vulnerabilities FormMail 1.92 Multiple Vulnerabilities Name Multiple Vulnerabilities in FormMail Systems Affected FormMail 1.92 and possibly earlier versions Severity Medium Impact CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Vendor...
CVE-2009-1777
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...
CVE-2009-1776
CVE-2009-1776 affects Matt Wright FormMail’s FormMail.pl (FormMail 1.92 and possibly earlier). The vulnerability allows cross-site scripting via javascript: URIs in the (1) request and (2) return_link_url parameters, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. ...
CVE-2009-1777
CVE-2009-1777 : CRLF injection vulnerability in Matt Wright FormMail 1.92 (and possibly earlier) allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the redirect parameter. The vulnerability arises from insufficient input sanitization in FormMail.pl, e...
FormMail HTTP响应拆分和跨站脚本漏洞
BUGTRAQ ID: 34929 FormMail是一款用perl实现的基于WEB的邮件网关,可以运行于大多数Linux/Unix以及Windows等多种系统平台。 FormMail.pl模块没有正确地验证用户所提交的request和returnlinkurl参数,远程攻击者可以通过提交恶意请求执行跨站脚本攻击,或在返回给用户的响应中包含任意HTTP头。 Matt Wright FormMail 1.92 Matt Wright ----------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Matt Wright FormMail HTTP Response Splitting and XSS Vulnerabilities
FormMail is prone to an HTTP response splitting vulnerability and multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...