EUVD-2008-3381

Malware in sbrugna...

CVE-2002-2410

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...

Roundcube Webmail 1.5.x < 1.5.7 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.7 or 1.6.x prior to 1.6.7. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS via SVG animate attributes. - A Cross-Site Scripting XSS via list columns from user preferences. - A...

Roundcube Webmail 1.6.x < 1.6.7 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.7 or 1.6.x prior to 1.6.7. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS via SVG animate attributes. - A Cross-Site Scripting XSS via list columns from user preferences. - A...

Roundcube Webmail 1.6.x < 1.6.8 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.8 or 1.6.x prior to 1.6.8. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS in rcmailactionmailget-run. - A Cross-Site Scripting XSS via a crafted e-mail message that abuses a...

Roundcube Webmail < 1.5.8, 1.6.x < 1.6.8 Multiple Vulnerabilities - Windows

Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail";...

webmail.jetsoft.com.br Cross Site Scripting vulnerability OBB-2342116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

Sun ONE Messaging Server session hijacking

Webmail sessions hijacking...

Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. %NASLMINLEVEL 70300 Th...

NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure

source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks. SurgeMail versions...

NetWin Surgemail 1.81.92.0 WebMail 3.1 - Login Form Cross-Site Scripting

NetWin Surgemail 1.81.92.0 WebMail 3.1 - Login Form Cross-Site Scripting source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry...

NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Login Form Cross-Site Scripting

source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks. SurgeMail versions...

Cyclonic Webmail 4 multiple vulnerabilities

Software: Cyclonic Webmail Version : 4 vendor : Stallion Networking 1. Software description ---------------------- Cyclonic is a webbased interface allowing users to handle emails stored on a POP Server. This software is Freeware 2. Vulnerability description ------------------------- - bypassing...

Multiple buffer overflows and XSS in Kerio MailServer

Issue : Multiple buffer overflows and XSS in Kerio MailServer Version affected 5.6.3 last in kerio website Vendor status : Vendor was notified Description : Kerio develop a mail server with support for Imap , Pop3, Smtp and SSL protocols . Besides , it includes a webmail . This webmail is...

Дырки в mailman webmail

Классические дырки perl CGI при работе с файлами...

Web Application Security Survey

-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. disclaimer The opinions, ideas and information expressed in the following text are my...