CVE-2026-44400
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...
EUVD-2026-28827
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...
CVE-2026-44400
Summary: CVE-2026-44400 affects MailEnable Enterprise Premium versions prior to 10.56 (notably 10.55 and earlier). The vulnerability is an improper authorization flaw in the WebAdmin mobile portal that lets an attacker bypass authentication by reusing AuthenticationToken cookies issued for low-pr...
CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...
PT-2026-39194
Name of the Vulnerable Software and Affected Versions: MailEnable Enterprise Premium versions prior to 10.56. Description: Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. ...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
PT-2026-6592
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.57. Description: The software contains a stored Cross-Site Scripting (XSS) issue in how it handles the timeFormat account preference parameter. An attacker can leverage this by injecting a malicious...
CVE-2025-68643
Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...
EUVD-2017-16707
Malware in sbrugna...
cali.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-456814

Description| Value
---|---
Affected Website:| cali.co.uk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

CVE-2017-7732
A reflected Cross-Site Scripting (XSS) vulnerability in the customized pre-authentication webmail login page of Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 allows an attacker to inject arbitrary web script or HTML via crafted HTTP requests...
hosting24.com XSS vulnerability
Vulnerable URL: https://www.hosting24.com/webmaillogin.php?action=login

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 85113
VIP website status:| Yes

Coordinated Disclosure Timelin...

SQL Injection Vulnerability in Name Parameter of Times Internet Enterprise Email System
Times Internet is dedicated to providing professional email service providers for a wide range of enterprise-level users. A SQL injection vulnerability exists in the name parameter of the webmail/login.php page in version 2.2.5 of Times Internet's enterprise email system. It allows attackers to...
NetWin Surgemail XSS vulnerability
Application: NetWin Surgemail 4.3e. Vendor: NetWin - http://netwinsite.com. Discovered by: Kerem Kocaer [email protected]. Problem: Cross-site scripting (XSS) vulnerability in the Surgemail webmail login page /surgemail allows remote attackers to inject arbitrary web script or HTML. Input...
Unfixed XSS vulnerability at www.alternativasistemas.com.br
Security researcher www.nullcode.com.ar submitted on 04/10/2007 a cross-site scripting (XSS) vulnerability affecting www.alternativasistemas.com.br, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
iGENUS WebMail 2.0.2 - config_inc.php Remote Code Execution
iGENUS WebMail 2.0.2 - config_inc.php Remote Code Execution #!/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail works against PHP5 with register_globals = On\r\n"; print " & allow_url_fopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site:...