Lucene search
K

78 matches found

Openbugbounty
Openbugbounty
added 2020/05/26 1:54 a.m.10 views

webmail.helsingenet.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1172057 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.1AI score
Exploits0
exploitpack
exploitpack
added 2020/03/10 12:0 a.m.104 views

Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution

Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution !/bin/sh if "$" -ne 4 ; then echo '! Usage: ' 1&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$mktemp" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1&2 curl -si -c "$JAR" "$BASE/login.php" ...

0.2AI score
Exploits0
OSV
OSV
added 2019/11/26 4:15 p.m.2 views

CVE-2019-19129

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...

6.1CVSS6.4AI score0.00802EPSS
Exploits0References2
CNVD
CNVD
added 2019/11/19 12:0 a.m.1 views

Google Gmail Cross-Site Scripting Vulnerability

Gmail is Google's free webmail service. Google Gmail suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/11/09 12:0 a.m.3 views

PT-2023-5637

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3 Description Roundcube Webmail contains a cross-site scripting XSS issue due to insufficient sanitization of characters in link references within text messages...

9.9CVSS7AI score0.89462EPSS
Exploits42References102
Cvelist
Cvelist
added 2019/08/05 12:43 p.m.27 views

CVE-2017-18473

cPanel before 62.0.4 allows self XSS on the webmail Password and Security page SEC-199...

5.3AI score0.00531EPSS
Exploits0References1
CVE
CVE
added 2017/11/09 2:0 p.m.1120 views

CVE-2017-16651

CVE-2017-16651 - Roundcube Webmail file disclosure : Authenticated users can read arbitrary files on the host filesystem via the file-based attachment plugin workflow (_task=settings&_action=upload-display&_from=timezone). Affected versions include Roundcube before 1.1.10, 1.2.x before 1.2.7, and...

7.8CVSS7.2AI score0.42831EPSS
In wildExploits5References10Affected Software1
Openbugbounty
Openbugbounty
added 2017/07/05 12:5 p.m.17 views

webmail.bait.net.pl Open Redirect vulnerability

Vulnerable URL: http://webmail.bait.net.pl/horde/util/go.php?url=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 21.09.2017 Latest check for patch:| 21.09.2017 13:57 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/08/25 2:44 p.m.17 views

webmail.ac-lille.fr XSS vulnerability

Vulnerable URL: https://webmail.ac-lille.fr/filex/upload/" Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 10:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/07/11 1:28 p.m.12 views

webmail.co.za XSS vulnerability

Vulnerable URL: http://www.webmail.co.za/login.php?msg=...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/05/22 4:20 a.m.24 views

webmail.dsidata.sk XSS vulnerability

Open Bug Bounty ID: OBB-155297 Description| Value ---|--- Affected Website:| webmail.dsidata.sk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

RoundCube Webmail 0.2 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37654/info RoundCube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/08/20 12:0 a.m.33 views

T-dah Webmail - Cross-Site Request Forgery Persistent Cross-Site Scripting

T-dah Webmail - Cross-Site Request Forgery Persistent Cross-Site Scripting ----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- T-dah Webmail CSRF &...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/17 12:0 a.m.34 views

T-dah Webmail Cross Site Request Forgery / Cross Site Scripting

----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- T-dah Webmail CSRF & Stored XSS Bug discovered by Pr0T3cT10n AKA Yakir Wizman, Date 17/08/2012...

0.3AI score
Exploits0
CVE
CVE
added 2011/09/21 4:0 p.m.65 views

CVE-2011-2937

Roundcube Webmail vulnerability CVE-2011-2937 is a cross-site scripting (XSS) flaw in the UI messages functionality present before version 0.5.4. The issue allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. The description specifies the vuln...

4.3CVSS5.9AI score0.02453EPSS
Exploits1References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.28 views

Fedora 11 : roundcubemail-0.3.1-2.fc11 (2010-1399)

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0464 to the following vulnerability: Name: CVE-2010-0464 URL: http://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2010-0464 Assigned: 20100129 Reference: MISC: https://secure.grepular.com/DNSPrefetchExposureonThunderbirdandW ebma...

5CVSS5.4AI score0.01962EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2010/05/25 11:56 a.m.20 views

New Tabbed Browsing Phishing Attack Exploits User Trust

A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...

0.2AI score
Exploits0References4
OSV
OSV
added 2010/01/29 6:30 p.m.4 views

CVE-2010-0464

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...

6.6AI score0.01962EPSS
Exploits0References3
Cvelist
Cvelist
added 2010/01/29 6:0 p.m.27 views

CVE-2010-0464

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...

6.2AI score0.01962EPSS
Exploits0References3
CVE
CVE
added 2008/11/05 2:51 p.m.52 views

CVE-2008-4932

CVE-2008-4932 affects U-Mail Webmail server 4.91 via webmail/modules/filesystem/edit.php. An attacker can remotely overwrite arbitrary files by supplying an absolute pathname in the path parameter and arbitrary content in the content parameter; writing PHP code to a file within the web document r...

9CVSS7.3AI score0.0552EPSS
Exploits2References6Affected Software1
Rows per page
Query Builder