75 matches found
AfterLogic Aurora 路径遍历漏洞
Afterlogic Aurora is a set of U.S. Afterlogic Inc. using PHP language written in the enterprise mail server platform. The platform includes features such as e-mail, file storage and address book management. A path traversal vulnerability exists in AfterLogic Aurora through 8.5.3 and WebMail Pro...
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...
Cross site scripting
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...
CVE-2019-19129
Technical details about CVE-2019-19129 are not publicly provided in the connected documents; no root cause, affected components, or fixes are disclosed. Monitor for updates.
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
No description provided by source...
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection)
Exploit for asp platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
MailBee WebMail Pro 3.4 Check_login.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23481/info MailBee WebMail Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code ...
AfterLogic MailBee WebMail Pro 3.x default.asp mode2 Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25942/info MailBee WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-bas...
AfterLogic WebMail Pro 4.7.10 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/36605/info AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in...
AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS
No description provided by source...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 HistoryStorageObjectName and 2 HistoryKey parameters...
CVE-2009-4743
Multiple cross-site scripting XSS vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 HistoryStorageObjectName and 2 HistoryKey parameters...
CVE-2009-4743
CVE-2009-4743 affects AfterLogic WebMail Pro versions up to 4.7.10, via XSS in history-storage.aspx. The vulnerability is triggered by specially crafted HistoryStorageObjectName and HistoryKey parameters, allowing remote attackers to inject arbitrary web script/HTML and execute in the victim’s br...
CVE-2009-4743
Multiple cross-site scripting XSS vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 HistoryStorageObjectName and 2 HistoryKey parameters...
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-...
AfterLogic WebMail Pro <= 4.7.10 Multiple XSS Vulnerabilities
AfterLogic WebMail Pro is prone to multiple cross-site scripting XSS vulnerabilities because the application fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
AfterLogic WebMail Pro Detection
This host is running AfterLogic WebMail Pro, a Webmail front-end for your existing POP3/IMAP mail server. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...