41 matches found
CVE-2006-2190
Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...
Cross site scripting
Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...
CVE-2006-2190
CVE-2006-2190 is an XSS vulnerability in OpenWebMail (OWM) affecting 2.51 and earlier, via the sessionid parameter in ow-shared.pl and related scripts (openwebmail-send.pl, openwebmail-advsearch.pl, openwebmail-folder.pl, openwebmail-prefs.pl, openwebmail-abook.pl, openwebmail-read.pl, openwebmai...
CVE-2006-2190
Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...
Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability
The remote webmail server is affected by a cross-site scripting flaw. The remote host is running at least one instance of Open WebMail that fails to sufficiently validate user input supplied to the SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a...
CVE-2005-2863
Cross-site scripting XSS vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2005-2863
OpenWebMail contains an XSS vulnerability CVE-2005-2863 in the openwebmail-main.pl script (sessionid parameter) affecting OpenWebMail 2.41. The flaw allows remote injection of arbitrary web script/HTML. NVD notes a CVSS v2 base score of 4.3 (Medium) with network access, no authentication, and par...
CVE-2005-2863
Cross-site scripting XSS vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
openXSS.txt
Discovered by s3cure Risk: small When we are logged on account we see: http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin-session-0.274744641575129&action=listmessagesafterlogin Now we can do small xss:...
CVE-2004-2284
CVE-2004-2284 affects OpenWebmail prior to 2.32 (vacation.pl). The read_list_from_file function in vacation.pl allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument, enabling remote code execution with the web server’s privileges. OpenVAS and Nessus...
CVE-2004-2284
The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...
OpenWebmail openwebmail.pl logindomain Parameter XSS
Binary data 2616.prm...
CVE-2004-2284
The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...
[Full-Disclosure] RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================== - RS-Labs Security Advisory - =============================== Tittle: "Content-Type" XSS vulnerability affecting other webmail systems ID: RS-2004-2 Severity: Medium / High - Arbitrary tags injection in victim's browser...
[openwebmail] Fw: Re: XSS bug.
Hello all, Its a forward message from openwebmail bugtraq system with the problem and the solution ;- ---------- Forwarded Message ----------- From: "openwebmail" [email protected] To: "aramosf" [email protected] Sent: Thu, 3 Jun 2004 20:30:07 +0800 Subject: Re: XSS bug. On Wed, 2...
CVE-2003-1426
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPTFILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPTFILENAME to reference a directory containing a malicious openwebmail-shared.pl...
OpenWebMail < 1.90 Multiple Vulnerabilities
According to its banner, the remote host is running a version OpenWebMail older than 1.90. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to execute arbitrary commands with super user privilges. - An information disclosure vulnerability could diclose user...
cPanel 5.0 - 'Openwebmail' Local Privilege Escalation
source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilage escalation. By...
cPanel 5.0 - Openwebmail Local Privilege Escalation
cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 4 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...