23 matches found
Debian DSA-3852-1 : squirrelmail - security update
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. (C) Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 3852-1] squirrelmail security update
Debian Security Advisory DSA-3852-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 13, 2017 https://www.debian.org/security/faq ...
[SECURITY] Fedora 21 Update: php-horde-imp-6.2.11-1.fc21
IMP, the Internet Mail Program, is one of the most popular and widely deployed open source webmail applications in the world. It allows universal, web-based access to IMAP and POP3 mail servers and provides Ajax, mobile and traditional interfaces with a rich range of features normally found only ...
[SECURITY] Fedora 23 Update: php-horde-imp-6.2.11-1.fc23
IMP, the Internet Mail Program, is one of the most popular and widely deployed open source webmail applications in the world. It allows universal, web-based access to IMAP and POP3 mail servers and provides Ajax, mobile and traditional interfaces with a rich range of features normally found only ...
V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
No description provided by source. Script: V-Webmail 1.6.4 Vendor: http://www.v-webmail.org/ Description: V-webmail is a powerful PHP based webmail application with an abundance of features, including many innovative ideas for web applications Discovered: beford xbefordx gmail com Vulnerable File...
Debian DSA-2291-1 : squirrelmail - various vulnerabilities
Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote...
Debian: Security Advisory (DSA-1802-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
DSA-1802-2 squirrelmail - incomplete fix
Bulletin has no description...
Using injection techniques to attack the mail server, and defenses (a) - vulnerability warning - the black bar safety net
This article details the principles, methods and defenses of attacking a mail server by injecting mail protocol (IMAP and SMTP) commands through a web application that communicates with the mail server, i.e., a webmail application. A Webmail application role Webmail app through IM...
DSA-1682-1 squirrelmail - cross site scripting
Bulletin has no description...
UebiMiau Multiple Input Validation Vulnerabilities
The remote host is running UebiMiau, a webmail application written in PHP. The version of UebiMiau installed on the remote host fails to sanitize user input to the 'selectedtheme' parameter of the 'error.php' script before using it as a template to generate dynamic HTML. An unauthenticated attack...
Unfixed XSS vulnerability at www.axt.it
Security researcher www.nullcode.com.ar submitted on 03/10/2007 a cross-site scripting (XSS) vulnerability affecting www.axt.it, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/10/2007. It is...
BasiliX Detection (HTTP)
HTTP based detection of BasiliX. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.14308");...
BasiliX Detection
The remote web server contains a webmail application written in PHP. Description : This script detects whether the remote host is running BasiliX and extracts version numbers and locations of any instances found. BasiliX is a webmail application based on PHP and IMAP and powered by MySQL. OpenVAS...
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
There are flaws in the remote Infinite Mobile Delivery, a web interface to provide wireless access to mail. This version of Infinite Mobile Delivery has a cross-site scripting vulnerability and a path disclosure vulnerability. An attacker, exploiting this flaw, would be able to steal user...
IlohaMail Configuration Scripts Remote Disclosure
The remote host is running Ilohamail, a web-based mail interface written in PHP. The remote installation of this software is not configured properly, in the sense that it allows any user to download its configuration files by requesting the '/conf/conf.inc' or '/conf/customauth.inc' file. The...
IlohaMail Software Detection
The remote host is running IlohaMail, a webmail application that is based on a stock build of PHP and that does not require either a database or a separate IMAP library. This script was written by George A. Theall. See the Nessus Scripts License for details...
IlohaMail Multiple External Programs Arbitrary Command Execution
The target is running at least one instance of IlohaMail version 0.8.6. This version may contain flaws in the spell check and GnuPG features that allow an authenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks when spell checking...
BasiliX Application Detection
The remote host is running BasiliX, a webmail application based on PHP and IMAP and powered by MySQL. This script was written by George A. Theall. See the Nessus Scripts License for details. Changes by Tenable: - Revised plugin title (12/28/10) include('deprecated_nasl_level.inc')...
SquirrelMail Detection
The remote host is running SquirrelMail, a PHP-based webmail package that provides access to mail accounts via POP3 or IMAP. This script was written by George A. Theall. See the Nessus Scripts License for details. Changes by Tenable: - Updated to use compat.inc (11/20/2009) include("compat.inc"); if...