Lucene search
K

78 matches found

securityvulns
securityvulns
added 2005/12/02 12:0 a.m.47 views

[Full-disclosure] SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs

SEC-CONSULT Security Discussion Paper 20051202-1 ================================================================================ title: A Word on Webmail Security and Browser related XSS Bugs program: Multiple Webmail Solutions found: --- by: SEC Consult Vulnerability Lab / www.sec-consult.com...

5.6AI score
Exploits0
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.17 views

CVE-2004-2537

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."...

6.6AI score0.01703EPSS
Exploits0References5
NVD
NVD
added 2004/12/31 5:0 a.m.9 views

CVE-2004-2537

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."...

10CVSS6.6AI score0.01703EPSS
Exploits0References5
Gentoo Linux
Gentoo Linux
added 2004/11/17 12:0 a.m.35 views

SquirrelMail: Encoded text XSS vulnerability

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...

6.8CVSS1.4AI score0.02818EPSS
Exploits0
securityvulns
securityvulns
added 2004/07/06 12:0 a.m.28 views

Multiple Webmail systems crossite scripting

Crossite scripting via Content-Type...

2.4AI score
Exploits0References4Affected Software5
securityvulns
securityvulns
added 2003/05/05 12:0 a.m.31 views

Session Hijacking in CommunigatePro

In webmail interface session identifier is passed to server as a part of GET requiest, thouse may be discovered by third party via Referer: field...

2.4AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2002/11/17 12:0 a.m.43 views

XSS-Cookie-Advisory.txt

------------------------------------------------------- XSS/Cookie problems at major webmail sites Advisory ------------------------------------------------------- XSS/Cookie problems at major webmail sites 13/11/02 - by "N|ghtHawk" Thijs Bosschert nighthawkathackers4hackers.org...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/10/07 12:0 a.m.36 views

Crossitescripting in Argosoft Mail Server Pro

Crossite scripting in WebMail, cleartext passwords in cookie :...

1.6AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2002/09/19 12:0 a.m.26 views

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with...

7AI score
Exploits0
exploitpack
exploitpack
added 2002/09/19 12:0 a.m.18 views

SquirrelMail 1.2.61.2.7 - Multiple Cross-Site Scripting Vulnerabilities

SquirrelMail 1.2.61.2.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/06/20 12:0 a.m.22 views

BasiliX multiple vulnerabilities

BasiliX multiple vulnerabilities PROGRAM: BasiliX VENDOR: Murat Arslan [email protected] et al. HOMEPAGE: http://basilix.org/ VULNERABLE VERSIONS: 1.1.0 and all previous versions LOGIN REQUIRED: yes some issues, no some issues SEVERITY: high DESCRIPTION: "BasiliX is a webmail application based ...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/04/04 12:0 a.m.38 views

emumail.cgi

name : emumail.cgi date : 04/04/2002 description : EMU Webmail: how to check your email from the web. severity : Low/average-risk homepage : www.emumail.com Any user can view files on the remote system: xxx/PATH/emumail.cgi?type=FILE00 The vendor were contact about that...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2001/11/09 12:0 a.m.24 views

Horde IMP 2.2.x - Session Hijacking

source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked wi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2001/07/12 12:0 a.m.38 views

cobalt.webmail.txt

I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not aloud to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/07/06 12:0 a.m.44 views

Cobalt Cube Webmail directory traversal

I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not aloud to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2000/11/28 12:0 a.m.73 views

Security problems with TWIG webmail system

Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/06/08 12:0 a.m.29 views

DoS против WebMail

Переполнение буфера в SMTP-команде HELO. В CMail - переполнение буфера при длинном имени пользователя в веб-интерфейсе порт 8002...

Exploits0References2Affected Software2
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.21 views

bigfoot-bellsouth-webmail.txt

Date: Fri, 8 Jan 1999 07:07:20 -0600 From: "Madere, Russel" To: [email protected] Subject: Bigfoot/Bellsouth Webmail bug I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail. Users can log back into the service from cached pages. This is a huge security hole, especially for...

7.4AI score
Exploits0
Rows per page
Query Builder