78 matches found
[Full-disclosure] SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs
SEC-CONSULT Security Discussion Paper 20051202-1 ================================================================================ title: A Word on Webmail Security and Browser related XSS Bugs program: Multiple Webmail Solutions found: --- by: SEC Consult Vulnerability Lab / www.sec-consult.com...
CVE-2004-2537
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."...
CVE-2004-2537
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."...
SquirrelMail: Encoded text XSS vulnerability
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...
Multiple Webmail systems crossite scripting
Crossite scripting via Content-Type...
Session Hijacking in CommunigatePro
In webmail interface session identifier is passed to server as a part of GET requiest, thouse may be discovered by third party via Referer: field...
XSS-Cookie-Advisory.txt
------------------------------------------------------- XSS/Cookie problems at major webmail sites Advisory ------------------------------------------------------- XSS/Cookie problems at major webmail sites 13/11/02 - by "N|ghtHawk" Thijs Bosschert nighthawkathackers4hackers.org...
Crossitescripting in Argosoft Mail Server Pro
Crossite scripting in WebMail, cleartext passwords in cookie :...
SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with...
SquirrelMail 1.2.61.2.7 - Multiple Cross-Site Scripting Vulnerabilities
SquirrelMail 1.2.61.2.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting...
BasiliX multiple vulnerabilities
BasiliX multiple vulnerabilities PROGRAM: BasiliX VENDOR: Murat Arslan [email protected] et al. HOMEPAGE: http://basilix.org/ VULNERABLE VERSIONS: 1.1.0 and all previous versions LOGIN REQUIRED: yes some issues, no some issues SEVERITY: high DESCRIPTION: "BasiliX is a webmail application based ...
emumail.cgi
name : emumail.cgi date : 04/04/2002 description : EMU Webmail: how to check your email from the web. severity : Low/average-risk homepage : www.emumail.com Any user can view files on the remote system: xxx/PATH/emumail.cgi?type=FILE00 The vendor were contact about that...
Horde IMP 2.2.x - Session Hijacking
source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked wi...
cobalt.webmail.txt
I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not aloud to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...
Cobalt Cube Webmail directory traversal
I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not aloud to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...
DoS против WebMail
Переполнение буфера в SMTP-команде HELO. В CMail - переполнение буфера при длинном имени пользователя в веб-интерфейсе порт 8002...
bigfoot-bellsouth-webmail.txt
Date: Fri, 8 Jan 1999 07:07:20 -0600 From: "Madere, Russel" To: [email protected] Subject: Bigfoot/Bellsouth Webmail bug I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail. Users can log back into the service from cached pages. This is a huge security hole, especially for...