CVE-2021-41083

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

Debian: Security Advisory (DLA-3435-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Dada Mail Cross-Site Request Forgery Vulnerability

Dada Mail is a web-based email list management system. A cross-site request forgery vulnerability exists in Dada Mail versions prior to 11.16.0. An attacker could send a crafted web page to obtain information about a user's account...

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-27829)

IBM iNotes also known as IBM Lotus iNotes is the United States IBM's set of Web-based e-mail software. A cross-site scripting vulnerability exists in IBM iNotes versions 8.5 and 9.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-08507)

IBM iNotes also known as IBM Lotus iNotes is a set of Web-based e-mail software from IBM in the United States. The software helps different types of users online and offline users to effectively manage business-critical information and collaboration. A cross-site scripting vulnerability exists in...

IBM iNotes and Domino Cross-Site Scripting Vulnerability (CNVD-2016-11821)

IBM iNotes and Domino are both products of IBM Corporation in the U.S. iNotes is a suite of Web-based e-mail software; Domino is a platform for hosting social business applications. A cross-site scripting vulnerability exists in IBM iNotes and Domino that stems from the program failing to properl...

Active! mail 6 vulnerable to HTTP header injection

Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...

JVN#72541530: Active! mail 6 vulnerable to HTTP header injection

Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...

Active! mail 2003 cross-site scripting vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...

JVN#49083120 Active! mail 2003 cross-site scripting vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...

HiveMail-1.3.txt

GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail queryfirst" SELECT contacts FROM hivecontactgroup WHERE contactgroupid = $contactgroupid AND userid = $hiveuseruserid ";...

HiveMail <= 1.3 Multiple Vulnerabilities

GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail = 1.3 Risk : Multiple Vulnerabilities Description: HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail...

Netauth: Web Based Email Management System

This is just a quick note of a simple hole in the Netauth system. What is Netauth? Netauth is a web based eMail management system for Windows NT and most Unix platforms. What is the hole? The nethauth.cgi file http://server/cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../.. /etc/passwd...

CVE-2000-0397

CVE-2000-0397 affects the EMURL web-based email account software. The vulnerability arises because session URLs encode predictable identifiers, enabling a remote attacker to access a user’s email account. The available documents do not specify affected product versions, root cause beyond predicta...

Matt Wright FormMail 1.x - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/2080/info FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other...