Lucene search
K

41 matches found

NVD
NVD
added 2006/05/04 12:38 p.m.15 views

CVE-2006-2190

Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...

6.8CVSS5.5AI score0.01602EPSS
Exploits1References6
Prion
Prion
added 2006/05/04 12:38 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...

6.8CVSS6AI score0.01602EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2006/05/04 10:0 a.m.56 views

CVE-2006-2190

CVE-2006-2190 is an XSS vulnerability in OpenWebMail (OWM) affecting 2.51 and earlier, via the sessionid parameter in ow-shared.pl and related scripts (openwebmail-send.pl, openwebmail-advsearch.pl, openwebmail-folder.pl, openwebmail-prefs.pl, openwebmail-abook.pl, openwebmail-read.pl, openwebmai...

6.8CVSS5.6AI score0.01602EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/05/04 10:0 a.m.22 views

CVE-2006-2190

Cross-site scripting XSS vulnerability in ow-shared.pl in OpenWebMail OWM 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in 1 openwebmail-send.pl, 2 openwebmail-advsearch.pl, 3 openwebmail-folder.pl, 4 openwebmail-prefs.pl, 5...

5.5AI score0.01602EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.19 views

Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability

The remote webmail server is affected by a cross-site scripting flaw. The remote host is running at least one instance of Open WebMail that fails to sufficiently validate user input supplied to the SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a...

4.3CVSS6.2AI score0.0133EPSS
Exploits0References3
NVD
NVD
added 2005/09/08 11:3 p.m.15 views

CVE-2005-2863

Cross-site scripting XSS vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...

4.3CVSS5.5AI score0.01164EPSS
Exploits0References3
CVE
CVE
added 2005/09/08 4:0 a.m.63 views

CVE-2005-2863

OpenWebMail contains an XSS vulnerability CVE-2005-2863 in the openwebmail-main.pl script (sessionid parameter) affecting OpenWebMail 2.41. The flaw allows remote injection of arbitrary web script/HTML. NVD notes a CVSS v2 base score of 4.3 (Medium) with network access, no authentication, and par...

4.3CVSS5.6AI score0.01164EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2005/09/08 4:0 a.m.20 views

CVE-2005-2863

Cross-site scripting XSS vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...

5.5AI score0.01164EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2005/09/07 12:0 a.m.19 views

openXSS.txt

Discovered by s3cure Risk: small When we are logged on account we see: http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin-session-0.274744641575129&action=listmessagesafterlogin Now we can do small xss:...

7.4AI score
Exploits0
CVE
CVE
added 2005/07/19 4:0 a.m.60 views

CVE-2004-2284

CVE-2004-2284 affects OpenWebmail prior to 2.32 (vacation.pl). The read_list_from_file function in vacation.pl allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument, enabling remote code execution with the web server’s privileges. OpenVAS and Nessus...

10CVSS7.7AI score0.03404EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2005/07/19 4:0 a.m.19 views

CVE-2004-2284

The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...

7.6AI score0.03404EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2005/02/15 12:0 a.m.22 views

OpenWebmail openwebmail.pl logindomain Parameter XSS

Binary data 2616.prm...

4.3CVSS7.3AI score0.0133EPSS
Exploits0References1
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2284

The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...

10CVSS7.6AI score0.03404EPSS
Exploits0References6
securityvulns
securityvulns
added 2004/07/06 12:0 a.m.43 views

[Full-Disclosure] RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================== - RS-Labs Security Advisory - =============================== Tittle: "Content-Type" XSS vulnerability affecting other webmail systems ID: RS-2004-2 Severity: Medium / High - Arbitrary tags injection in victim's browser...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2004/06/05 12:0 a.m.37 views

[openwebmail] Fw: Re: XSS bug.

Hello all, Its a forward message from openwebmail bugtraq system with the problem and the solution ;- ---------- Forwarded Message ----------- From: "openwebmail" [email protected] To: "aramosf" [email protected] Sent: Thu, 3 Jun 2004 20:30:07 +0800 Subject: Re: XSS bug. On Wed, 2...

6.2AI score
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.17 views

CVE-2003-1426

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPTFILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPTFILENAME to reference a directory containing a malicious openwebmail-shared.pl...

3.3CVSS7.2AI score0.00463EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2003/03/19 12:0 a.m.37 views

OpenWebMail < 1.90 Multiple Vulnerabilities

According to its banner, the remote host is running a version OpenWebMail older than 1.90. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to execute arbitrary commands with super user privilges. - An information disclosure vulnerability could diclose user...

7.2CVSS6AI score0.01309EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2003/02/19 12:0 a.m.39 views

cPanel 5.0 - &#039;Openwebmail&#039; Local Privilege Escalation

source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilage escalation. By...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/02/19 12:0 a.m.16 views

cPanel 5.0 - Openwebmail Local Privilege Escalation

cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2003/02/19 12:0 a.m.119 views

cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)

cPanel 5.0 - Guestbook.cgi Remote Command Execution 4 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...

0.1AI score
Exploits0
Rows per page
Query Builder