EUVD-2004-2491

Malware in sbrugna...

EUVD-2005-1123

Malware in sbrugna...

IlohaMail Webmail Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail Stored XSS

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail - Persistent Cross-Site Scripting

IlohaMail Webmail - Persistent Cross-Site Scripting !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

IlohaMail Webmail - Persistent Cross-Site Scripting

!/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link: http://sourceforge.net/projects/ilohamail/files/IlohaMail-devel/0.9-20050415/ Version: 0.9-20050415...

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1010-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1010-1 (ilohamail)

The remote host is missing an update to ilohamail announced via advisory DSA 1010-1. Ulf Härnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attacke...

Debian DSA-1010-1 : ilohamail - missing input sanitising

Ulf Harnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attackers to inject arbitrary web script or HTML. %NASLMINLEVEL 70300 C Tenable Network...

DSA-1010-1 ilohamail - missing input sanitising

Bulletin has no description...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1010-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2006 http://www.debian.org/security/faq -...

IlohaMail Attachment Upload Vulnerability

The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions do not properly check the upload path for file attachments, which may allow an attacker to place a file on the target in a location writable by the web user if the file-based backend is in use. Fo...

IlohaMail Detection

This script detects whether the remote host is running IlohaMail and extracts version numbers and locations of any instances found. IlohaMail is a webmail application that is based on a stock build of PHP and that does not require either a database or a separate IMAP library. See for more...

IlohaMail User Parameter Vulnerability

The target is running at least one instance of IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter, which could allow a remote attacker to execute arbitrary code either on the target or in a victim's browser when a victim views a specially crafted...

IlohaMail External Programs Vulnerabilities

The target is running at least one instance of IlohaMail version 0.8.6. This version may contain flaws in the spell check and GnuPG features that allow an authenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks when spell checking...

IlohaMail Arbitrary File Access via Session Variable Vulnerability

The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...

IlohaMail < 0.7.9 Contacts Deletion Vulnerability

IlohaMail contains a flaw that enables an authenticated user to delete contacts belonging to any user provided the DB-based backend is used to store contacts. The flaw arises because ownership of SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a...