CVE-2006-3564

Multiple cross-site scripting XSS vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the email, 2 cond, or 3 name parameters to a addressbook.view.php, 4 the daysprune parameter to b index.php, 5 the datato parameter to c...

CVE-2004-2585

The CVE-2004-2585 entry affects SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where the XSS flaw occurs in frmCompose.aspx, allowing remote attackers to inject arbitrary script/HTML via Javascript in the compose area's “check spelling” feature. The vulnerability arises from how user-supplied in...

CVE-2002-1710

BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...

CVE-2004-1498

CVE-2004-1498 describes a SQL injection in the compose message form of HELM up to version 3.1.19, exploitable via the messageToUserAccNum parameter. The issue allows remote attackers to run arbitrary SQL commands. Affected: HELM 3.1.19 and earlier (HELM frontend/compose logic). Root cause: unsafe...

security flaw

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...