EUVD-2004-2491

Malware in sbrugna...

EUVD-2005-1123

Malware in sbrugna...

IlohaMail Webmail Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail - Persistent Cross-Site Scripting

IlohaMail Webmail - Persistent Cross-Site Scripting !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail Stored XSS

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail - Persistent Cross-Site Scripting

!/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link: http://sourceforge.net/projects/ilohamail/files/IlohaMail-devel/0.9-20050415/ Version: 0.9-20050415...

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian Security Advisory DSA 1010-1 (ilohamail)

The remote host is missing an update to ilohamail announced via advisory DSA 1010-1. Ulf Härnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attacke...

Debian: Security Advisory (DSA-1010-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1010-1 : ilohamail - missing input sanitising

Ulf Harnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attackers to inject arbitrary web script or HTML. %NASLMINLEVEL 70300 C Tenable Network...

DSA-1010-1 ilohamail - missing input sanitising

Bulletin has no description...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

IlohaMail Detection

This script detects whether the remote host is running IlohaMail and extracts version numbers and locations of any instances found. IlohaMail is a webmail application that is based on a stock build of PHP and that does not require either a database or a separate IMAP library. See for more...

IlohaMail User Parameter Vulnerability

The target is running at least one instance of IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter, which could allow a remote attacker to execute arbitrary code either on the target or in a victim's browser when a victim views a specially crafted...

IlohaMail Email Header HTML Injection Vulnerability

The remote web server contains a PHP script which is vulnerable to a cross site scripting vulnerability. Description : The target is running at least one instance of IlohaMail version 0.8.12 or earlier. Such versions do not properly sanitize message headers, leaving users vulnerable to XSS attack...

IlohaMail Readable Configuration Files

The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication. OpenVAS Vulnerability Test $Id:...

IlohaMail External Programs Vulnerabilities

The target is running at least one instance of IlohaMail version 0.8.6. This version may contain flaws in the spell check and GnuPG features that allow an authenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks when spell checking...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. OpenVAS Vulnerability Test $Id:...