220 matches found
Atmail WebMail <= 5.6.0 (5.60) Email Body Injection
The version of Atmail WebMail running on the remote host is vulnerable to an email body injection attack. HTML and script code are not properly sanitized before it is displayed in dynamically generated content. This vulnerability is known to affect versions 5.6.0 5.60 and earlier. A remote attack...
Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS
The version of Atmail WebMail running on the remote host is vulnerable to multiple cross-site scripting issues. 'webadmin/admin.php' fails to sanitize input to the 'func' parameter, and to the 'type' parameter when 'func' is set to 'stats'. This is known to affect version 5.6.1 5.61 and may affec...
Atmail Webmail / AtmailOpen Webmail Detection
Atmail Webmail or AtmailOpen Webmail is installed on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid38648; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Atmail Webmail /...
Atmail Detection
Detection of Atmail. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Atmail WebMail Email Body HTML Injection Vulnerability
Atmail and Atmail WebMail are prone to an HTML-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced...
Hardcoded credentials
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
DEBIAN-CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5619
CVE-2008-5619 affects RoundCube Webmail (versions 0.2-1 alpha and 0.2-3 beta) via the html2text.php integration that uses the chuggnutt HTML-to-text library. The underlying issue is the use of preg_replace with the eval modifier, allowing remote code execution when crafted input is processed. Exp...
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
atmail541-download.txt
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
atmail-disclose.txt
!/usr/bin/perl LEGAL: Permission is granted to freely reproduce this document in its entirety under the condition that the contents are not altered in any way. milw0rm IS permitted to add their standard footer: // milw0rm.com / date Permission to view or reproduce this file is NOT granted to any...
@Mail多个本地信息泄漏漏洞
BUGTRAQ ID: 30434 CNCAN ID:CNCAN-2008073104 @Mail是一款基于WEB的邮件服务程序。 @Mail存在两个安全问题,远程攻击者可以利用漏洞获得敏感信息。 问题是webmail/libs/Atmail/Config.php和webmail/webadmin/.htpasswd文件存在全局可读权限,可导致获得数据库用户和密码,或WEBADMIN密码的MD5哈希值。 AtMail @Mail 5.41 目前没有解决方案提供: http://atmail.com/...
CVE-2007-2153
CVE-2007-2153 is a cross-site scripting (XSS) vulnerability in the atmail.php component of @Mail 5.0. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter. The CVSS v2 base score is 6.8 (Medium) with network attack vector, no authentication, and part...
[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue
MajorSecurity Advisory 43Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: @Mail 5.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.atmail.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...
atmail-xss.txt
@Mail Search.pl keywords variable cross-site scripting vendor url:http://www.atmail.com Advisory:http://lostmon.blogspot.com/2007/02/ mail-searchpl-keywords-variable-cross.html vendor notify:yes exploit available: yes @Mail is a feature rich Email solution that allows users to access...
atmailXSS.txt
@Mail multiple variable cross-site scripting vendor url:http://www.atmail.com Advisory:http://lostmon.blogspot.com/2005/07/ mail-multiple-variable-cross-site.html vendor notify:yes exploit available: yes @Mail is a feature rich Email solution that allows users to access email-resources via the we...