11 matches found
EUVD-2004-2491
Malware in sbrugna...
IlohaMail read_message.php Attachment Multiple Field XSS
Based on its version number, the installation of IlohaMail on the remote host does not properly sanitize attachment file names, MIME media types, and HTML / text email messages. An attacker can exploit these vulnerabilities by sending a specially crafted message to a user which, when read using a...
CVE-2004-2500
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors...
IlohaMail < 0.8.14-RC1 Unspecified Vulnerability
Binary data 2451.prm...
IlohaMail < 0.8.14RC1 Unspecified Vulnerability
The remote host is running at least one instance of IlohaMail version 0.8.13 or earlier. Such versions are reportedly affected by an unspecified vulnerability...
[SA13413] IlohaMail Unspecified Vulnerability
TITLE: IlohaMail Unspecified Vulnerability SECUNIA ADVISORY ID: SA13413 VERIFY ADVISORY: http://secunia.com/advisories/13413/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: IlohaMail 0.8.x http://secunia.com/product/1039/ DESCRIPTION: A vulnerability with an unknown...
IlohaMail Attachment Arbitrary File Create/Overwrite
The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions do not properly check the upload path for file attachments, which could allow an attacker to place a file on the target in a location writable by the web user if the file-based backend is in use...
IlohaMail index.php session Parameter Arbitrary File Access
The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...
IlohaMail Email Header XSS
The remote host is running at least one instance of IlohaMail version 0.8.12 or earlier. Such versions do not properly sanitize message headers, leaving users vulnerable to XSS attacks. For example, a remote attacker could inject JavaScript code that steals the user's session cookie and thereby...
IlohaMail index.php init_lang Parameter Arbitrary File Access
The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. This script was written by...
IlohaMail Unspecified Database Password Disclosure Weakness
The target is running at least one instance of IlohaMail version 0.6 or earlier. Such versions suffer from a potential password disclosure problem when database information is not saved in the session table. Nessus has determined the vulnerability exists on the target simply by looking at the...