EUVD-2006-0898

Malware in sbrugna...

EUVD-2006-0899

Malware in sbrugna...

EUVD-2006-0895

Malware in sbrugna...

NOCC 1.0 filter_prefs.php html_filter_select Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...

CVE-2006-0893

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to 1 the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and 2 the tmp directory, which lists names of uploaded attachments...

CVE-2006-0892

NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...

Directory traversal

NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...

Path traversal

NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the htmlerroroccurred parameter in error.php, 2 htmlfilterselect parameter in filterprefs.php, 3 htmlnomail parameter in nomail.php, the 4 pageline, 5 prev, an...

CVE-2006-0891

CVE-2006-0891 affects NOCC Webmail 1.0. The vulnerability arises from multiple directory traversal flaws that allow remote attackers to include arbitrary files by manipulating dot-dot sequences and a trailing NULL byte in (1) html/footer.php via _SESSION['nocc_theme'], and (2) lang and (3) theme ...

CVE-2006-0894

CVE-2006-0894 affects NOCC Webmail 1.0. The available documents identify multiple XSS vectors allowing remote attackers to inject arbitrary script or HTML via specific parameters in error.php, filter_prefs.php, no_mail.php, html_bottom_table.php, and the _SESSION['nocc_theme'] in footer.php. The ...

CVE-2006-0892

CVE-2006-0892 affects NOCC Webmail 1.0. The vulnerability arises from how attachments are stored and named in temporary files, enabling directory traversal to access e-mail attachments. Related sources also describe a local file include flaw in NOCC (via the lang parameter in index.php) that coul...

CVE-2006-0894

Multiple cross-site scripting XSS vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the htmlerroroccurred parameter in error.php, 2 htmlfilterselect parameter in filterprefs.php, 3 htmlnomail parameter in nomail.php, the 4 pageline, 5 prev, an...

CVE-2006-0893

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to 1 the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and 2 the tmp directory, which lists names of uploaded attachments...

CVE-2006-0891

Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. dot dot sequences and a trailing NULL %00 byte in 1 the SESSION'nocctheme' parameter in a html/footer.php; and 2 the lang and 3 theme parameters and the 4 Accept-Language HTTP...

CVE-2006-0895

NOCC Webmail 1.0 is affected by CVE-2006-0895. A remote attacker can obtain the installation path by making a direct request to html/header.php, exposing information about the webroot. The available sources describe the vulnerability as a path disclosure that affects NOCC Webmail 1.0; no addition...

CVE-2006-0893

NOCC Webmail 1.0 is affected by an information-disclosure vulnerability where remote attackers can obtain sensitive data by directly requesting files in (1) the profiles directory (exposing e-mail addresses from profile filenames) and (2) the tmp directory (revealing uploaded attachment names). T...

NOCC Webmail <= 1.0 multiple vulnerabilities

------ NOCC Webmail = 1.0 multiple arbitrary local inclusion + ---------------- php injection - remote code execution / / cross site scripting / path disclosure -------------------------------------------------------------------------------- software: site: http://nocc.sourceforge.net/ descriptio...

NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...

NOCC 1.0 - error.php?html_error_occurred Cross-Site Scripting

NOCC 1.0 - error.php?htmlerroroccurred Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...