20 matches found
EUVD-2006-0848
Malware in sbrugna...
EUVD-2008-3565
Malware in sbrugna...
EUVD-2007-6164
Malware in sbrugna...
Calacode @Mail Webmail 4.51 Filtering Engine HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the victim's...
Design/Logic Flaw
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitati...
CVE-2008-3579
The provided data confirms CVE-2008-3579 affects Calacode @Mail 5.41 on Linux, where the build-plesk-upgrade.php script does not require administrative authentication. This allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail dir...
Information disclosure
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2008-3395
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2008-3395
CVE-2008-3395 affects Calacode @Mail 5.41 on Linux. The issue is weak world-readable permissions on two files: webmail/libs/Atmail/Config.php and webmail/webadmin/.htpasswd, enabling local users to disclose sensitive information. Root cause: improper file permissions; impact is information disclo...
atmail-disclose.txt
!/usr/bin/perl LEGAL: Permission is granted to freely reproduce this document in its entirety under the condition that the contents are not altered in any way. milw0rm IS permitted to add their standard footer: // milw0rm.com / date Permission to view or reproduce this file is NOT granted to any...
Cross site scripting
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
CVE-2007-6196
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
CVE-2007-6196
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
[MajorSecurity Advisory #43] Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue
MajorSecurity Advisory #43: Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue. Details: Product: @Mail 5.0, Security-Risk: moderated, Remote-Exploit: yes, Vendor-URL: http://www.atmail.com/, Vendor-Status: informed, Advisory-Status: published. Credits: Discovered b...
[Full-disclosure] [NETRAGARD-20061220 SECURITY ADVISORY] [@Mail WebMail Cross Site Scripting Vulnerability]
Netragard, L.L.C Advisory, Strategic Reconnaissance Team, http://www.netragard.com -- "We make I.T. Safe." POSTING NOTICE: If you...
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection
source: https://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the victim's browser, in the context of the affected...
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection source: https://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary scrip...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "javascript:." NOTE: the provenance of this information is...
CVE-2006-0842
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "javascript:." NOTE: the provenance of this information is...
CVE-2006-0842
CVE-2006-0842 concerns Calacode @Mail 4.3 and is a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary script/HTML via a modified javascript: string in the SRC attribute of an IMG element in an email message, as demonstrated by the payload “java script:.” This originat...