17 matches found
EUVD-2011-4466
Malware in sbrugna...
Crlf injection
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. dot dot in the file parameter...
Code injection
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/...
CVE-2012-1919
CVE-2012-1919 affects AtMail Open-Source’s @Mail WebMail Client (mime.php) prior to version 1.05. The vulnerability is a CRLF injection that allows a remote attacker to perform directory traversal and read arbitrary files by injecting a %0A sequence followed by .. in the file parameter, enabling ...
CVE-2012-1917
CVE-2012-1917 affects AtMail Open-Source (compose.php in the @Mail WebMail Client) prior to version 1.05. The root cause is improper handling of ../ sequences in the unique parameter, allowing remote attackers to perform directory traversal and read arbitrary files via a ..././ sequence. Document...
CVE-2012-1920
The CVE-2012-1920 issue affects the @Mail WebMail Client in AtMail Open-Source 1.04 and earlier. A remote attacker can obtain configuration information by issuing a direct request to install/info.php, which calls phpinfo. This is an information-disclosure vulnerability in the WebMail component. T...
CVE-2012-1920
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
CVE-2012-1916
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AtMail Open aka AtMail Open-Source edition 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to 1 ldap.php or 2 search.php...
CVE-2011-4540
Multiple cross-site scripting XSS vulnerabilities in AtMail Open aka AtMail Open-Source edition 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to 1 ldap.php or 2 search.php...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
DEBIAN-CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
Hardcoded credentials
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
CVE-2008-5619 affects RoundCube Webmail (versions 0.2-1 alpha and 0.2-3 beta) via the html2text.php integration that uses the chuggnutt HTML-to-text library. The underlying issue is the use of preg_replace with the eval modifier, allowing remote code execution when crafted input is processed. Exp...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...