CVE-2007-5046

Cross-site scripting XSS vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...

ArGoSoft Mail Server multiple flaws(2)

The remote host is running the ArGoSoft WebMail interface. There are multiple flaws in this interface which may allow an attacker to bypass authentication, inject HTML in the e-mails read by the users and even to read arbitrary files on that server. OpenVAS solely relied on the banner of this...

CVE-2005-0845

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. dot dot in the attachid parameter...

CVE-2005-1282

CVE-2005-1282 affects ArGoSoft Mail Server Pro 1.8.7.6, with multiple XSS vulnerabilities allowing remote injection via (1) IMG src, (2) webmail user settings, or (3) address book input. The connected sources confirm XSS exposure and affected component, but do not provide patch/version remediatio...

[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities

SIG^2 Vulnerability Research Advisory SurgeMail Webmail Attachment Upload and XSS Vulnerabilities by Tan Chew Keong Release Date: 23 Mar 2005 ADVISORY URL http://www.security.org.sg/vuln/surgemail22g3.html SUMMARY SurgeMail http://netwinsite.com/surgemail/ is a next generation Mail Server -...

DeskNow Mail and Collaboration Server Directory Traversal

WebMail interface directory traversal...

Multiple SLMail bugs

Buffer overflows in webmail and Supervisor Report Center interface...

Kerio Mail Server multiple bugs

Multiple buffer overflows in WebMail interface. Crossite scripting...

CVE-2001-1294

Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service crash in the Webmail interface via a long username and password...

CVE-2001-1283

The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service crash via a mailbox name that contains a large number of . dot or other characters to programs such as 1 readmail.cgi or 2 printmail.cgi, possibly due to a buffer overflow that...

CVE-2001-1294

CVE-2001-1294 describes a buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier, allowing remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. The connected records confirm the affected software and the impact (availability). Root ca...

CVE-2001-1283

CVE-2001-1283 affects Ipswitch IMail webmail interface (versions 7.04 and earlier). Affected component is the webmail CGI handlers (readmail.cgi and printmail.cgi); remote authenticated users can crash the service via mailbox names containing many dots or other characters, likely due to a buffer ...

CVE-2001-1283

The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service crash via a mailbox name that contains a large number of . dot or other characters to programs such as 1 readmail.cgi or 2 printmail.cgi, possibly due to a buffer overflow that...

AVTronics InetServer DoS and BoF Vulnerabilities

Strumpf Noir Society Advisories ! Public release ! -- -= AVTronics InetServer DoS and BoF Vulnerabilities =- Release date: Wednesday, August 22, 2001 Introduction: AVTronics InetServer is a freeware product suite for MS Windows, bundling such services as SMTP, POP3, Daytime and Telnet in 1 produc...

CVE-2001-1294

Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service crash in the Webmail interface via a long username and password...