CVE-2026-26930

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests...

EUVD-2009-1481

Malware in sbrugna...

CVE-2009-1484

Cross-site scripting XSS vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained sole...

Cross site scripting

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface...

Zimbra Collaboration Server Mail Interface Cross-Site Request Forgery Vulnerability

Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and more. A cross-site request forgery vulnerability exists in the Mail interface of Zimbra Collaboration Server...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Mail interface in Zimbra Collaboration Server ZCS before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest...

Zimbra 8.0.9 GA - Cross-Site Request Forgery

Exploit for linux platform in category web applications ====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA...

Zimbra 8.0.9 GA Cross Site Request Forgery

====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, enabling to change account preferences like...

Zimbra 8.0.9 GA - Cross-Site Request Forgery

====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, enabling to change account preferences like...

Zimbra 8.0.9 GA - Cross-Site Request Forgery

Zimbra 8.0.9 GA - Cross-Site Request Forgery ====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release,...

PSCS VPOP3 2.0 Email Server Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10782/info It is reported that VPOP3 is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker issues a URI request containing a large value for the 'msglistlen' parameter ...

CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

CVE-2009-1484

AXIGEN Mail Server Webmail (version 6.2.2) is affected by a cross-site scripting (XSS) vulnerability in the web mail interface, allowing an attacker to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. Multiple sources (NVD, Red Hat, OpenVAS/Nessus references)...

PSCS VPOP3 2.0 - Email Server Remote Denial of Service

source: https://www.securityfocus.com/bid/10782/info It is reported that VPOP3 is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker issues a URI request containing a large value for the 'msglistlen' parameter to the web mail interface. VPOP3...

Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)

The original advisory is available from: http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html Summary: --------- Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffered from multiple vulnerabilities that range from access to...

ArGoSoft Web-Mail security problem

ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP Version 1.8.1.9 I did not test other versions, this is the only I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is posible to execute javascript by...