78 matches found
webmail.helsingenet.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1172057 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution !/bin/sh if "$" -ne 4 ; then echo '! Usage: ' 1&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$mktemp" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1&2 curl -si -c "$JAR" "$BASE/login.php" ...
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...
Google Gmail Cross-Site Scripting Vulnerability
Gmail is Google's free webmail service. Google Gmail suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...
PT-2023-5637
Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3 Description Roundcube Webmail contains a cross-site scripting XSS issue due to insufficient sanitization of characters in link references within text messages...
CVE-2017-18473
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page SEC-199...
CVE-2017-16651
CVE-2017-16651 - Roundcube Webmail file disclosure : Authenticated users can read arbitrary files on the host filesystem via the file-based attachment plugin workflow (_task=settings&_action=upload-display&_from=timezone). Affected versions include Roundcube before 1.1.10, 1.2.x before 1.2.7, and...
webmail.bait.net.pl Open Redirect vulnerability
Vulnerable URL: http://webmail.bait.net.pl/horde/util/go.php?url=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 21.09.2017 Latest check for patch:| 21.09.2017 13:57 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...
webmail.ac-lille.fr XSS vulnerability
Vulnerable URL: https://webmail.ac-lille.fr/filex/upload/" Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 10:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
webmail.co.za XSS vulnerability
Vulnerable URL: http://www.webmail.co.za/login.php?msg=...
webmail.dsidata.sk XSS vulnerability
Open Bug Bounty ID: OBB-155297 Description| Value ---|--- Affected Website:| webmail.dsidata.sk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
RoundCube Webmail 0.2 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37654/info RoundCube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
T-dah Webmail - Cross-Site Request Forgery Persistent Cross-Site Scripting
T-dah Webmail - Cross-Site Request Forgery Persistent Cross-Site Scripting ----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- T-dah Webmail CSRF &...
T-dah Webmail Cross Site Request Forgery / Cross Site Scripting
----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- T-dah Webmail CSRF & Stored XSS Bug discovered by Pr0T3cT10n AKA Yakir Wizman, Date 17/08/2012...
CVE-2011-2937
Roundcube Webmail vulnerability CVE-2011-2937 is a cross-site scripting (XSS) flaw in the UI messages functionality present before version 0.5.4. The issue allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. The description specifies the vuln...
Fedora 11 : roundcubemail-0.3.1-2.fc11 (2010-1399)
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0464 to the following vulnerability: Name: CVE-2010-0464 URL: http://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2010-0464 Assigned: 20100129 Reference: MISC: https://secure.grepular.com/DNSPrefetchExposureonThunderbirdandW ebma...
New Tabbed Browsing Phishing Attack Exploits User Trust
A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2008-4932
CVE-2008-4932 affects U-Mail Webmail server 4.91 via webmail/modules/filesystem/edit.php. An attacker can remotely overwrite arbitrary files by supplying an absolute pathname in the path parameter and arbitrary content in the content parameter; writing PHP code to a file within the web document r...