101 matches found
CVE-2005-2769
CVE-2005-2769 is a cross-site scripting (XSS) flaw in SqWebMail 5.0.4 and possibly other versions. The vulnerability arises when processing HTML emails that contain tags with characters like “>” that are not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. ...
CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
[SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 793-1 [email protected] http://www.debian.org/security/ Martin Schulze September 1st, 2005 http://www.debian.org/security/faq -...
DSA-793-1 courier - missing input sanitising
Bulletin has no description...
SqWebMail.txt
====================================================================== Secunia Research 29/08/2005 - SqWebMail HTML Emails Script Insertion Vulnerability - ====================================================================== Table of Contents Affected...
CVE-2005-2724
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer...
CVE-2005-2724
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer...
DEBIAN-CVE-2005-2724
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer...
CVE-2005-2724
CVE-2005-2724 is a cross-site scripting (XSS) vulnerability in SqWebmail: the vulnerability arises from missing input sanitising in the handling of file attachments, allowing an attacker to inject arbitrary script/HTML via the Display feature. The initial description notes SqWebMail 5.0.4 as affe...
CVE-2005-2724
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer...
SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection
SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection source: https://www.securityfocus.com/bid/14676/info SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser. This may allow for various attacks including session...
SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection
source: https://www.securityfocus.com/bid/14676/info SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser. This may allow for various attacks including session hijacking due to the theft of user credentials...
[Full-disclosure] Secunia Research: SqWebMail Attached File Script Insertion Vulnerability
====================================================================== Secunia Research 24/08/2005 - SqWebMail Attached File Script Insertion Vulnerability - ====================================================================== Table of Contents Affected...
CVE-2004-2313
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts such as root, which allows remote attackers to guess the root password via brute force attacks...
CVE-2004-2313
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts such as root, which allows remote attackers to guess the root password via brute force attacks...
CVE-2004-2313
Inter7 SqWebMail 3.4.1–3.6.1 exposes a password-guessing vulnerability: authentication responses differ for incorrect vs. correct passwords on non-mail-enabled accounts (e.g., root), enabling remote attackers to brute-force the root password. The issue is tied to the login error handling and disc...
FreeBSD : sqwebmail (2248)
The following package needs to be updated: sqwebmail %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-2006 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled' forms SGML, HTML, PDF,...
SqWebMail redirect Parameter CRLF Injected XSS
The remote host is running a version of SqWebMail that does not properly sanitize user-supplied input through the 'redirect' parameter. An attacker can exploit this flaw to inject arbitrary HTML and script code into a user's browser to be executed within the context of the affected website. Such...
CVE-2005-1308
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...
CVE-2005-1308
CVE-2005-1308 affects SqWebMail. The vulnerability arises from CRLF sequence handling in the redirect parameter, enabling remote injection of arbitrary HTML/script and likely XSS. Impact described across sources includes attacker-controlled script execution in users’ browsers and potential sessio...