Lucene search
+L

273 matches found

seebug.org
seebug.org
added 2006/04/10 12:0 a.m.16 views

Horde <= 3.0.9 3.1.0 (Help Viewer) Remote Code Execution (metasploit)

No description provided by source. Title: Horde = 3.0.9, 3.1.0 Help Viewer Remote PHP Code Execution Vulnerability Name: hordehelpmodule.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/04/10 12:0 a.m.35 views

Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution (Metasploit)

Title: Horde package Msf::Exploit::hordehelpmodule; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = ; my $info = 'Name' = 'Horde help viewer module remote PHP code execution', 'Version' = '$Revision: 1.0 $', 'Authors' = 'inkubus ' , 'Arch' = , 'OS' = , 'Priv' = 0,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/25 12:0 a.m.44 views

SquirrelMail Web mail Change Passwd plugin buffer overflow

Buffer overflow on parsing command line arguments...

4AI score
Exploits0Affected Software1
myhack58
myhack58
added 2006/01/20 12:0 a.m.33 views

xinnet. com China new network Web Mail system has a serious vulnerability-a vulnerability warning-the black bar safety net

Long time no Post garbage come up, this also is not prepared to contribute, to the octal friend. First good luck to all octal friends a Happy New Year. Everyone knows China's famous New cafe, new network virtual host in a stable and secure known. Business users very much, I also bought a new...

7.5AI score
Exploits0
NVD
NVD
added 2005/12/28 11:3 a.m.21 views

CVE-2005-4556

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...

7.5CVSS6.5AI score0.1037EPSS
Exploits1References9
NVD
NVD
added 2005/12/28 11:3 a.m.21 views

CVE-2005-4559

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the defaultlayout and layoutsettings variables when an unrecognized HTTPUSERAGENT string is provided, which allows remote attackers to acce...

5CVSS6.7AI score0.08596EPSS
Exploits0References10
NVD
NVD
added 2005/12/28 11:3 a.m.16 views

CVE-2005-4557

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte %00 in the lang parameter, possibly due to a directory traversal vulnerability...

5CVSS6.7AI score0.09482EPSS
Exploits1References9
NVD
NVD
added 2005/12/28 11:3 a.m.23 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

6.5CVSS6.3AI score0.08328EPSS
Exploits1References10
Cvelist
Cvelist
added 2005/12/28 11:0 a.m.26 views

CVE-2005-4556

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...

6.5AI score0.1037EPSS
Exploits1References9
Cvelist
Cvelist
added 2005/12/28 11:0 a.m.30 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

6.3AI score0.08328EPSS
Exploits1References10
Cvelist
Cvelist
added 2005/12/28 11:0 a.m.26 views

CVE-2005-4557

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte %00 in the lang parameter, possibly due to a directory traversal vulnerability...

6.7AI score0.09482EPSS
Exploits1References9
CVE
CVE
added 2005/12/28 11:0 a.m.66 views

CVE-2005-4558

CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...

6.5CVSS6.4AI score0.08328EPSS
Exploits1References10Affected Software3
CVE
CVE
added 2005/12/28 11:0 a.m.63 views

CVE-2005-4557

CVE-2005-4557 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue is a remote inclusion vulnerability: an attacker can cause the system to include arbitrary local files via a null byte (%00) in the lang parameter, likely due to a ...

5CVSS6.7AI score0.09482EPSS
Exploits1References9Affected Software3
CVE
CVE
added 2005/12/28 11:0 a.m.64 views

CVE-2005-4556

CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...

7.5CVSS6.6AI score0.1037EPSS
Exploits1References9Affected Software3
CVE
CVE
added 2005/12/28 11:0 a.m.51 views

CVE-2005-4559

CVE-2005-4559 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue lies in mail/include.html where default_layout and layout_settings are not properly initialized when an unrecognized HTTP_USER_AGENT is sent. This allows remote att...

5CVSS6.7AI score0.08596EPSS
Exploits0References10Affected Software3
securityvulns
securityvulns
added 2005/12/28 12:0 a.m.21 views

Multiple Merak Mail Server / Icewarp Web Mail vulnerabilities

Unauthorized access, crossite scripting, unauthorized files deletion, information leak...

2.2AI score
Exploits0References2Affected Software3
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.26 views

Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - . This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...

7.5CVSS0.07888EPSS
Exploits3References9
Packet Storm
Packet Storm
added 2005/10/06 12:0 a.m.52 views

MerakXSS.txt

ShineShadow Security Report 30092005-06 TITLE: Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1. BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting- edge Merak Mail Server Instant Antispam and much more, is the fastest,...

7.4AI score
Exploits0
NVD
NVD
added 2005/10/04 10:2 p.m.14 views

CVE-2005-3132

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlistinc.html, which reveals the path in an error message...

5CVSS6.2AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2005/10/04 10:2 p.m.15 views

CVE-2005-3131

Multiple cross-site scripting XSS vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to blank.html, or the createdataCX parameter to 2 calendard.html, 3...

4.3CVSS5.9AI score0.03645EPSS
Exploits1References4
Rows per page
Query Builder