Lucene search
K

97 matches found

Cvelist
Cvelist
added 2014/02/12 6:0 p.m.32 views

CVE-2013-2585

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

5.6AI score0.01892EPSS
Exploits2References3
CVE
CVE
added 2014/02/12 6:0 p.m.59 views

CVE-2013-2585

CVE-2013-2585 is an XSS vulnerability in Atmail Webmail Server affecting 6.6.x before 6.6.3 and 7.x before 7.0.3. The flaw permits injection of arbitrary script/HTML via PATH_INFO in index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/ (File Name parameter). Related e...

4.3CVSS5.7AI score0.01892EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2014/02/12 3:55 p.m.32 views

CVE-2013-6229

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

4.3CVSS5.6AI score0.01779EPSS
Exploits2References2
Prion
Prion
added 2014/02/12 3:55 p.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

4.3CVSS6AI score0.01892EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2014/02/12 3:0 p.m.34 views

CVE-2013-6229

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

5.6AI score0.01779EPSS
Exploits2References2
CVE
CVE
added 2014/02/12 3:0 p.m.48 views

CVE-2013-6229

CVE-2013-6229 affects Atmail Webmail Server 7.0.2 with two XSS vectors: (1) filter parameter in index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 and (2) mailId[] in index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. The ...

4.3CVSS5.6AI score0.01779EPSS
Exploits2References2Affected Software1
exploitpack
exploitpack
added 2014/01/14 12:0 a.m.12 views

Atmail Webmail Server - Email Body HTML Injection

Atmail Webmail Server - Email Body HTML Injection source: https://www.securityfocus.com/bid/64779/info Atmail Webmail Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentiall...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2014/01/14 12:0 a.m.30 views

Atmail Webmail Server - Email Body HTML Injection

source: https://www.securityfocus.com/bid/64779/info Atmail Webmail Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...

7.4AI score
Exploits0
NVD
NVD
added 2014/01/12 6:34 p.m.16 views

CVE-2013-6017

Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...

4.3CVSS5.7AI score0.04373EPSS
Exploits0References4
Prion
Prion
added 2014/01/12 6:34 p.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...

4.3CVSS6.1AI score0.04373EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/01/12 3:0 p.m.20 views

CVE-2013-6017

Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...

5.7AI score0.04373EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/01/12 3:0 p.m.18 views

CVE-2013-6028

Multiple cross-site request forgery CSRF vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts, 2 modify user accounts, 3 delete user accounts, or 4 stop the product's service...

7.2AI score0.00825EPSS
Exploits0References3
CVE
CVE
added 2014/01/12 3:0 p.m.49 views

CVE-2013-6028

CVE-2013-6028 applies to Atmail Webmail Server (before 7.2). The connected sources confirm a CSRF vulnerability that lets an attacker hijack administrator authentication to perform actions such as adding, modifying, or deleting user accounts, or stopping the service. The vulnerability stems from ...

6.8CVSS7.4AI score0.00825EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2014/01/12 3:0 p.m.4 views

EUVD-2013-5847

Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...

4.3CVSS5.6AI score0.04373EPSS
Exploits0References4
CVE
CVE
added 2014/01/12 3:0 p.m.60 views

CVE-2013-6017

Atmail Webmail Server prior to 7.2 is vulnerable to stored cross-site scripting (XSS) via the body of an e-mail message, demonstrated by an IFRAME SRC attribute. The flaw exists in Atmail Webmail Server versions 6.x/7.x before 7.2.0 and is caused by input validation issues in email handling. Succ...

4.3CVSS5.8AI score0.04373EPSS
Exploits0References4Affected Software1
CERT
CERT
added 2014/01/10 12:0 a.m.34 views

Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities

Overview Atmail Webmail Server version 7.1.3 and possibly earlier versions contain stored cross-site scripting XSS CWE-79 and cross-site request forgery CSRF CWE-352 vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' -...

6.8CVSS6.1AI score0.04373EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.29 views

IA WebMail Server 3.x - Remote Buffer Overflow (Metasploit)

$Id: iawebmail.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

10CVSS7.1AI score0.69174EPSS
Exploits5
seebug.org
seebug.org
added 2009/05/06 12:0 a.m.46 views

IceWarp WebMail口令取回功能输入验证漏洞

BUGTRAQ ID: 34827 CVECAN ID: CVE-2009-1469 Merak Email Server是一个全面的办公室局域网或Internet通讯邮件解决方案。 Merak邮件服务器的WebMail模块在登陆页面提供了“忘记口令”取回功能,忘记了登录口令的用户可以在这里向邮件服务器提供他们的邮件地址,之后服务器检查系统中是否存在这个地址并将相关的用户口令发回到这个地址。 在点击Forgot Password页面的提交按键时,所发送的HTTP POST请求包含有类似于以下的负载:...

4.3CVSS6.5AI score0.04885EPSS
Exploits3
NVD
NVD
added 2009/05/05 8:30 p.m.26 views

CVE-2009-1469

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element o...

4.3CVSS6.7AI score0.04885EPSS
Exploits3References7
Prion
Prion
added 2009/05/05 8:30 p.m.24 views

Crlf injection

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element o...

4.3CVSS7.2AI score0.04885EPSS
Exploits3References7Affected Software2
Rows per page
Query Builder