CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server...

1.9CVSS6.4AI score0.00062EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:47 a.m.•5 views

CVE-2010-3913

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

4.3CVSS7.3AI score0.00357EPSS

Exploits0References1

NVD•added 2013/04/04 7:55 p.m.•31 views

CVE-2013-2302

1.9CVSS6.1AI score0.00062EPSS

Exploits0References3

Prion•added 2013/04/04 7:55 p.m.•14 views

Design/Logic Flaw

1.9CVSS6.5AI score0.00062EPSS

Exploits0References3Affected Software1

Cvelist•added 2013/04/04 7:0 p.m.•20 views

CVE-2013-2302

6.1AI score0.00062EPSS

Exploits0References3

CVE•added 2013/04/04 7:0 p.m.•42 views

CVE-2013-2302

The CVE-2013-2302 entry concerns TransWARE Active! mail 6. Affected component: Active! mail with an external public interface enabled. Root cause: information disclosure allowing local users to obtain other users’ credentials by leveraging shell access via TELNET/SSH to the server. Impact (as doc...

1.9CVSS6.2AI score0.00062EPSS

Exploits0References3Affected Software1

NVD•added 2010/11/05 5:0 p.m.•8 views

CVE-2010-3913

4.3CVSS6.9AI score0.00357EPSS

Exploits0References5

Prion•added 2010/11/05 5:0 p.m.•11 views

Crlf injection

4.3CVSS7.4AI score0.00357EPSS

Exploits0References5Affected Software1

CVE•added 2010/11/05 4:28 p.m.•42 views

CVE-2010-3913

CVE-2010-3913 affects TransWARE Active! mail 6 (build 6.40.010047750 and earlier). The vulnerability is a CRLF/HTTP header injection that can enable HTTP response splitting and allow remote attackers to inject headers. Documented impacts include falsified information being displayed and potential...

4.3CVSS7.1AI score0.00357EPSS

Exploits0References5Affected Software1

Cvelist•added 2010/11/05 4:28 p.m.•11 views

CVE-2010-3913

6.9AI score0.00357EPSS

Exploits0References5

Prion•added 2009/12/17 6:30 p.m.•9 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Cc, and 4 Bcc parameters...

4.3CVSS6.2AI score0.00329EPSS

Exploits0References5

NVD•added 2009/12/17 6:30 p.m.•14 views

CVE-2009-4353

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL...

5.8CVSS6.7AI score0.00357EPSS

Exploits0References5

NVD•added 2009/12/17 6:30 p.m.•16 views

CVE-2009-4352

4.3CVSS5.9AI score0.00329EPSS

Exploits0References5

Prion•added 2009/12/17 6:30 p.m.•12 views

Code injection

5.8CVSS7.2AI score0.00357EPSS

Exploits0References5Affected Software1

Prion•added 2009/12/17 6:30 p.m.•14 views

Code injection

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions...

5.8CVSS7.2AI score0.00285EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by