22 matches found
EUVD-2001-1081
Malware in sbrugna...
EUVD-2002-2377
Malware in sbrugna...
EUVD-2002-2309
Malware in sbrugna...
CVE-2002-2399
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the...
W3Mail 1.0.6 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script viewAttachment.cgi accepts the parameter file. The value of this parameter is passed to th...
CVE-2002-2399
The CVE-2002-2399 entry describes a directory traversal vulnerability in W3Mail 1.0.6, specifically in viewAttachment.cgi, where an attacker can read arbitrary files by supplying a .. sequence in the file parameter. This is supported by multiple sources (NVD entry and Red Hat security page) that ...
CVE-2002-2399
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the...
CVE-2002-2331
CVE-2002-2331 affects W3Mail 1.0.2–1.0.5 with server-side scripting (SSI) enabled in the attachments directory. The vulnerability arises from insufficient restrictions on attachment file types, enabling remote attackers to execute arbitrary code by sending code within MIME attachments and then re...
W3Mail multiple bugs
delete.cgi invokes external program through system call without escaping shell characters. It's possible to change server configuration without administrator's permissions. All passwords are stored in Base64 encoding...
CVE-2002-2399
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the...
Fresh hole in W3Mail
Nth Dimension Security Advisory NDSA20021112 Date: 12th November 2002 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: W3Mail up to and including 1.0.6 http://www.w3mail.org...
W3Mail 1.0.6 - File Disclosure
W3Mail 1.0.6 - File Disclosure source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to t...
W3Mail 1.0.6 - File Disclosure
source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open function as the filenam...
Medium security hole affecting W3Mail
I believe I've found a medium level security hole relating to the way W3Mail stores MIME attachments. I contacted the authors CascadeSoft - http://www.cascadesoft.com/ on the 19th, offering them 14 days to produce a fix, but have had no reply to...
CVE-2001-1100
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page...
CVE-2001-1100
CVE-2001-1100 affects W3Mail 1.0.2 (and possibly other CGI programs). The issue allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the ‘Compose Message’ page. This is a remote command execution vulnerability with network scope and low complexity, but no...
Bug found at W3Mail Webmail
Name: W3Mail 1.0.2 Personal and Commercial Version Author: Spencer Miles Problem: Script doesn't check for special metacharacters like &;'"|?^$nr. Any webmail user can execute nix commands on webserver. Exploit: On any field at "Compose Message", put something like: Recipient example [email protected]";...