13 matches found
EUVD-2007-6164
Malware in sbrugna...
EUVD-2008-3565
Malware in sbrugna...
EUVD-2006-0848
Malware in sbrugna...
Calacode @Mail Webmail 4.51 Filtering Engine HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the victim's...
Design/Logic Flaw
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitati...
Information disclosure
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for 1 webmail/libs/Atmail/Config.php and 2 webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2008-3395
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for 1 webmail/libs/Atmail/Config.php and 2 webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-6196
Cross-site scripting XSS vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection source: https://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary scrip...
Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection
source: https://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the victim's browser, in the context of the affected...
Cross site scripting
Cross-site scripting XSS vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "javascript:." NOTE: the provenance of this information is...
CVE-2006-0842
Cross-site scripting XSS vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "javascript:." NOTE: the provenance of this information is...