Lucene search
+L

220 matches found

Tenable Nessus
Tenable Nessus
added 2009/04/30 12:0 a.m.17 views

Atmail WebMail <= 5.6.0 (5.60) Email Body Injection

The version of Atmail WebMail running on the remote host is vulnerable to an email body injection attack. HTML and script code are not properly sanitized before it is displayed in dynamically generated content. This vulnerability is known to affect versions 5.6.0 5.60 and earlier. A remote attack...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/30 12:0 a.m.38 views

Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS

The version of Atmail WebMail running on the remote host is vulnerable to multiple cross-site scripting issues. 'webadmin/admin.php' fails to sanitize input to the 'func' parameter, and to the 'type' parameter when 'func' is set to 'stats'. This is known to affect version 5.6.1 5.61 and may affec...

4.3CVSS5.5AI score0.00855EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/04/30 12:0 a.m.65 views

Atmail Webmail / AtmailOpen Webmail Detection

Atmail Webmail or AtmailOpen Webmail is installed on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid38648; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Atmail Webmail /...

5.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2009/04/17 12:0 a.m.12 views

Atmail Detection

Detection of Atmail. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2009/04/17 12:0 a.m.10 views

Atmail WebMail Email Body HTML Injection Vulnerability

Atmail and Atmail WebMail are prone to an HTML-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced...

7.2AI score
Exploits0References1
Prion
Prion
added 2008/12/17 2:30 a.m.24 views

Hardcoded credentials

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

10CVSS7.5AI score0.54003EPSS
Exploits15References17Affected Software1
UbuntuCve
UbuntuCve
added 2008/12/17 2:30 a.m.33 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

10CVSS6.1AI score0.54003EPSS
Exploits15References4
OSV
OSV
added 2008/12/17 2:30 a.m.5 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

7.3AI score
Exploits0References17
OSV
OSV
added 2008/12/17 2:30 a.m.5 views

DEBIAN-CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

10CVSS7.9AI score0.54003EPSS
Exploits15References1
Debian CVE
Debian CVE
added 2008/12/17 2:0 a.m.102 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

10CVSS7.3AI score0.54003EPSS
Exploits15
Cvelist
Cvelist
added 2008/12/17 2:0 a.m.41 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

7.7AI score0.54003EPSS
Exploits15References17
CVE
CVE
added 2008/12/17 2:0 a.m.116 views

CVE-2008-5619

CVE-2008-5619 affects RoundCube Webmail (versions 0.2-1 alpha and 0.2-3 beta) via the html2text.php integration that uses the chuggnutt HTML-to-text library. The underlying issue is the use of preg_replace with the eval modifier, allowing remote code execution when crafted input is processed. Exp...

10CVSS7.7AI score0.54003EPSS
Exploits15References17Affected Software1
securityvulns
securityvulns
added 2008/08/01 12:0 a.m.134 views

Atmail Remote Authentication Bypass, Full DB Compromise

@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/31 12:0 a.m.19 views

atmail541-download.txt

@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/31 12:0 a.m.34 views

atmail-disclose.txt

!/usr/bin/perl LEGAL: Permission is granted to freely reproduce this document in its entirety under the condition that the contents are not altered in any way. milw0rm IS permitted to add their standard footer: // milw0rm.com / date Permission to view or reproduce this file is NOT granted to any...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/07/31 12:0 a.m.20 views

@Mail多个本地信息泄漏漏洞

BUGTRAQ ID: 30434 CNCAN ID:CNCAN-2008073104 @Mail是一款基于WEB的邮件服务程序。 @Mail存在两个安全问题,远程攻击者可以利用漏洞获得敏感信息。 问题是webmail/libs/Atmail/Config.php和webmail/webadmin/.htpasswd文件存在全局可读权限,可导致获得数据库用户和密码,或WEBADMIN密码的MD5哈希值。 AtMail @Mail 5.41 目前没有解决方案提供: http://atmail.com/...

6.9AI score
Exploits0
CVE
CVE
added 2007/04/19 10:0 a.m.46 views

CVE-2007-2153

CVE-2007-2153 is a cross-site scripting (XSS) vulnerability in the atmail.php component of @Mail 5.0. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter. The CVSS v2 base score is 6.8 (Medium) with network attack vector, no authentication, and part...

6.8CVSS5.7AI score0.01183EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.70 views

[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue

MajorSecurity Advisory 43Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: @Mail 5.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.atmail.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

Exploits0
Packet Storm
Packet Storm
added 2007/02/14 12:0 a.m.21 views

atmail-xss.txt

@Mail Search.pl keywords variable cross-site scripting vendor url:http://www.atmail.com Advisory:http://lostmon.blogspot.com/2007/02/ mail-searchpl-keywords-variable-cross.html vendor notify:yes exploit available: yes @Mail is a feature rich Email solution that allows users to access...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/07/28 12:0 a.m.22 views

atmailXSS.txt

@Mail multiple variable cross-site scripting vendor url:http://www.atmail.com Advisory:http://lostmon.blogspot.com/2005/07/ mail-multiple-variable-cross-site.html vendor notify:yes exploit available: yes @Mail is a feature rich Email solution that allows users to access email-resources via the we...

7.4AI score
Exploits0
Rows per page
Query Builder