Lucene search
+L

68 matches found

OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.19 views

BasiliX Arbitrary File Disclosure Vulnerability

The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they...

3.6CVSS6.8AI score0.00333EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

BasiliX Attachment Disclosure Vulnerability

The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never empti...

2.1CVSS7.7AI score0.00349EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

BasiliX SQL Injection Vulnerability

The remote web server contains PHP scripts that are prone to SQL injection attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are potentially vulnerable to SQL injection attacks depending on the version of PHP installed. OpenVAS...

6.4CVSS0.01153EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.19 views

BasiliX Detection (HTTP)

HTTP based detection of BasiliX. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.14308";...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.14 views

BasiliX Arbitrary Command Execution Vulnerability

The remote web server contains a BasiliX PHP script that is prone to arbitrary. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.20 views

BasiliX Arbitrary File Disclosure Vulnerability

The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they...

3.6CVSS6.8AI score0.00333EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

BasiliX Attachment Disclosure Vulnerability

The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptio...

2.1CVSS7.8AI score0.00349EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

BasiliX Message Content Script Injection Vulnerability

The remote web server contains PHP scripts that are prone to cross-site scripting attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a...

6.8CVSS6.8AI score0.04262EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.17 views

BasiliX Content-Type XSS Vulnerability

The remote web server contains a PHP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

Basilix Webmail Dummy Request Vulnerability

The script SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:basilix:basilixwebmail"; ifdescription...

5CVSS6.7AI score0.03764EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

BasiliX SQL Injection Vulnerability

The remote web server contains PHP scripts that are prone to SQL injection attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are potentially vulnerable to SQL injection attacks depending on the version of PHP installed...

6.4CVSS7.8AI score0.01153EPSS
Exploits0References2
CVE
CVE
added 2005/06/21 4:0 a.m.50 views

CVE-2002-1710

BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...

3.6CVSS6AI score0.00333EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/06/21 4:0 a.m.89 views

CVE-2002-1709

CVE-2002-1709 describes a SQL injection vulnerability in BasiliX Webmail, where the vulnerable vector is the id parameter. The OpenVAS entries indicate that remote servers running BasiliX Webmail version 1.1.0 or lower are potentially vulnerable, with susceptibility depending on the installed PHP...

6.4CVSS7.4AI score0.01153EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/06/21 4:0 a.m.68 views

CVE-2002-1708

The OpenVAS/Nessus entries confirm CVE-2002-1708 as a cross-site scripting vulnerability in BasiliX Webmail, affecting version 1.1.0 or lower. The issue arises because BasiliX does not filter HTML tags when displaying messages, enabling an attacker to inject arbitrary HTML/script into the message...

6.8CVSS6.6AI score0.04262EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2005/06/21 4:0 a.m.51 views

CVE-2002-1711

CVE-2002-1711 affects BasiliX Webmail 1.1.0. The vulnerability is that attachments are saved in a world-readable, insecure "/tmp/BasiliX" directory, allowing a local attacker to read other users’ attachments. Documentation confirms BasiliX 1.1.0 stores attachments publicly on the host and that th...

2.1CVSS6.1AI score0.00349EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.30 views

CVE-2002-1711

BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments...

7.3AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.20 views

CVE-2002-1708

Cross-site scripting vulnerability XSS in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the 1 subject or 2 message fields...

6.5AI score0.04262EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.27 views

CVE-2002-1709

SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable...

7.3AI score0.01153EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.24 views

Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files o...

2.1CVSS5.8AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.131 views

BasiliX login.php3 username Variable Arbitrary Command Execution

The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be execut...

5.6AI score
Exploits0References1
Rows per page
Query Builder