97 matches found
CVE-2013-2585
Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...
CVE-2013-2585
CVE-2013-2585 is an XSS vulnerability in Atmail Webmail Server affecting 6.6.x before 6.6.3 and 7.x before 7.0.3. The flaw permits injection of arbitrary script/HTML via PATH_INFO in index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/ (File Name parameter). Related e...
CVE-2013-6229
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...
CVE-2013-6229
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...
CVE-2013-6229
CVE-2013-6229 affects Atmail Webmail Server 7.0.2 with two XSS vectors: (1) filter parameter in index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 and (2) mailId[] in index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. The ...
Atmail Webmail Server - Email Body HTML Injection
Atmail Webmail Server - Email Body HTML Injection source: https://www.securityfocus.com/bid/64779/info Atmail Webmail Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentiall...
Atmail Webmail Server - Email Body HTML Injection
source: https://www.securityfocus.com/bid/64779/info Atmail Webmail Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
CVE-2013-6017
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
Cross site scripting
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
CVE-2013-6017
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
CVE-2013-6028
Multiple cross-site request forgery CSRF vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts, 2 modify user accounts, 3 delete user accounts, or 4 stop the product's service...
CVE-2013-6028
CVE-2013-6028 applies to Atmail Webmail Server (before 7.2). The connected sources confirm a CSRF vulnerability that lets an attacker hijack administrator authentication to perform actions such as adding, modifying, or deleting user accounts, or stopping the service. The vulnerability stems from ...
EUVD-2013-5847
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
CVE-2013-6017
Atmail Webmail Server prior to 7.2 is vulnerable to stored cross-site scripting (XSS) via the body of an e-mail message, demonstrated by an IFRAME SRC attribute. The flaw exists in Atmail Webmail Server versions 6.x/7.x before 7.2.0 and is caused by input validation issues in email handling. Succ...
Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities
Overview Atmail Webmail Server version 7.1.3 and possibly earlier versions contain stored cross-site scripting XSS CWE-79 and cross-site request forgery CSRF CWE-352 vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' -...
IA WebMail Server 3.x - Remote Buffer Overflow (Metasploit)
$Id: iawebmail.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
IceWarp WebMail口令取回功能输入验证漏洞
BUGTRAQ ID: 34827 CVECAN ID: CVE-2009-1469 Merak Email Server是一个全面的办公室局域网或Internet通讯邮件解决方案。 Merak邮件服务器的WebMail模块在登陆页面提供了“忘记口令”取回功能,忘记了登录口令的用户可以在这里向邮件服务器提供他们的邮件地址,之后服务器检查系统中是否存在这个地址并将相关的用户口令发回到这个地址。 在点击Forgot Password页面的提交按键时,所发送的HTTP POST请求包含有类似于以下的负载:...
CVE-2009-1469
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element o...
Crlf injection
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element o...