39 matches found
EUVD-2001-1026
Malware in sbrugna...
EUVD-2001-1025
Malware in sbrugna...
EUVD-2002-1688
Malware in sbrugna...
EUVD-2002-1689
Malware in sbrugna...
EUVD-2002-1687
Malware in sbrugna...
BasiliX Webmail 1.1 Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker ca...
Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2198/info A vulnerability has been reported in basilix webmail v. 0.9.7b. Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain t...
BasiliX Webmail 1.1 Message Content Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5060/info BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. A script injection issue has been reported in BasiliX Webmail. Script...
Basilix Webmail Dummy Request Vulnerability
The script SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:basilix:basilixwebmail"; ifdescription...
CVE-2002-1709
CVE-2002-1709 describes a SQL injection vulnerability in BasiliX Webmail, where the vulnerable vector is the id parameter. The OpenVAS entries indicate that remote servers running BasiliX Webmail version 1.1.0 or lower are potentially vulnerable, with susceptibility depending on the installed PHP...
CVE-2002-1708
The OpenVAS/Nessus entries confirm CVE-2002-1708 as a cross-site scripting vulnerability in BasiliX Webmail, affecting version 1.1.0 or lower. The issue arises because BasiliX does not filter HTML tags when displaying messages, enabling an attacker to inject arbitrary HTML/script into the message...
CVE-2002-1708
Cross-site scripting vulnerability XSS in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the 1 subject or 2 message fields...
CVE-2002-1710
BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...
CVE-2002-1709
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable...
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files o...
Basilix Webmail id Variable SQL Injection
The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are potentially vulnerable to SQL injection attacks depending on the version of PHP installed. %NASLMINLEVEL 70300 This script was written by George A. Theall, . See the Nessus Scripts License for details...
BasiliX Application Detection
The remote host is running BasiliX, a webmail application based on PHP and IMAP and powered by MySQL. %NASLMINLEVEL 70300 This script was written by George A. Theall, . See the Nessus Scripts License for details. Changes by Tenable: - Revised plugin title 12/28/10 include'deprecatednasllevel.inc'...
BasiliX Webmail Content-Type Header XSS
The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code in his browser simply by reading a MIME message with a specially crafted...
BasiliX Webmail 1.1 - Email Header HTML Injection
source: https://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to gain acces...
BasiliX Webmail 1.1 - Email Header HTML Injection
BasiliX Webmail 1.1 - Email Header HTML Injection source: https://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings...