Lucene search
K

37 matches found

NVD
NVD
added 2009/12/17 6:30 p.m.15 views

CVE-2009-4353

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL...

5.8CVSS6.7AI score0.01083EPSS
Exploits0References5
NVD
NVD
added 2009/12/17 6:30 p.m.18 views

CVE-2009-4352

Multiple cross-site scripting XSS vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Cc, and 4 Bcc parameters...

4.3CVSS5.9AI score0.01065EPSS
Exploits0References5
Prion
Prion
added 2009/12/17 6:30 p.m.13 views

Code injection

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL...

5.8CVSS7.2AI score0.01083EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2009/12/17 6:0 p.m.43 views

CVE-2009-4354

TransWARE Active! mail 2003 (Build 2003.0139.0871 and earlier) contains a session cookie handling flaw that can allow remote attackers to hijack web sessions via insecure cookie handling in SSL contexts. Affects the web-based mail software and enables user impersonation. According to JVN/NVD reco...

5.8CVSS6.7AI score0.0105EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/12/17 6:0 p.m.19 views

CVE-2009-4353

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL...

6.7AI score0.01083EPSS
Exploits0References5
CVE
CVE
added 2009/12/17 6:0 p.m.44 views

CVE-2009-4353

CVE-2009-4353 affects Active! mail 2003 Mobile Edition (build 2003.0139.0871 and earlier; possibly before 2003.0139.0911). The issue is that the application does not remove the session ID from a Referer URL, enabling a remote attacker to hijack web sessions via vectors such as an email containing...

5.8CVSS6.7AI score0.01083EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2009/12/17 6:0 p.m.17 views

CVE-2009-4354

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions...

6.7AI score0.0105EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/12/17 6:0 p.m.18 views

CVE-2009-4352

Multiple cross-site scripting XSS vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Cc, and 4 Bcc parameters...

5.9AI score0.01065EPSS
Exploits0References5
CVE
CVE
added 2009/12/17 6:0 p.m.40 views

CVE-2009-4352

TransWARE Active! mail 2003 contains cross-site scripting (XSS) vulnerabilities in builds 2003.0139.0871 and earlier (and possibly other versions before 2003.0139.0939). The flaw allows remote attackers to inject arbitrary web script or HTML via the From, To, Cc, and Bcc fields, potentially execu...

4.3CVSS5.9AI score0.01065EPSS
Exploits0References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/15 10:52 a.m.3 views

Active! mail 2003 session ID disclosure vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...

5.8CVSS6.6AI score0.01083EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/15 10:52 a.m.3 views

Active! mail 2003 cross-site scripting vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...

4.3CVSS6.1AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/08 12:0 a.m.31 views

JVN#85821104 Active! mail 2003 session ID disclosure vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...

5.8CVSS6.2AI score0.01083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/08 12:0 a.m.26 views

JVN#36207497 Active! mail 2003 cookie disclosure vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email could be viewed or configurations could be...

5.8CVSS6.2AI score0.0105EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/08 12:0 a.m.89 views

JVN#49083120 Active! mail 2003 cross-site scripting vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
NVD
NVD
added 2002/10/04 4:0 a.m.14 views

CVE-2002-0950

Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered...

7.5CVSS7.2AI score0.02726EPSS
Exploits0References3
CVE
CVE
added 2002/08/31 4:0 a.m.49 views

CVE-2002-0950

TransWARE Active! mail 1.422 and 2.0 are affected by a cross-site scripting vulnerability in an email header that is not properly filtered, enabling remote attackers to execute arbitrary code. This CVE (CVE-2002-0950) has a CVSS v2 base score of 7.5 (NETWORK, LOW attack complexity, no authenticat...

7.5CVSS7.5AI score0.02726EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/08/31 4:0 a.m.15 views

CVE-2002-0950

Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered...

7.2AI score0.02726EPSS
Exploits0References3
Rows per page
Query Builder