4233 matches found
IMHO Webmail 0.9x - Account Hijacking
source: https://www.securityfocus.com/bid/5238/info A vulnerability has been reported in the IMHO Roxen webmail module which may enable a malicious user of the webmail system to gain access to the account of another user. This issue is due to an error in configuration which may leak the REFERER f...
Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Team N.finity Security Advisory 03/07/2002 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal Summary =================== Argosoft Mail Server Pro contains a built-in HTTP server for webmail access. Without logging in, an attacker can do a reverse directory traversal to retrieve an...
argospill.sh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team N.finity Security Advisory 03/07/2002 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal Summary =================== Argosoft Mail Server Pro contains a built-in HTTP server for webmail access. Without logging in, an attacker can d...
Directory traversal in Argosoft Mail Server Plus/Pro
Webmail companent directory traversal...
CVE-2000-1166
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP PHP3 code by specifying an alternate vhosts as an argument to the index.php3 program...
CVE-2000-1166
CVE-2000-1166 affects the Twig webmail system. The issue arises when the vhosts variable isn’t set on the site, allowing a remote attacker to inject arbitrary PHP (PHP3) code by supplying an alternate vhosts value to index.php3. Root cause: improper handling of the vhosts variable during initiali...
BasiliX multiple vulnerabilities
BasiliX multiple vulnerabilities PROGRAM: BasiliX VENDOR: Murat Arslan [email protected] et al. HOMEPAGE: http://basilix.org/ VULNERABLE VERSIONS: 1.1.0 and all previous versions LOGIN REQUIRED: yes some issues, no some issues SEVERITY: high DESCRIPTION: "BasiliX is a webmail application based ...
BasiliX Webmail 1.1 - Message Content Script Injection
BasiliX Webmail 1.1 - Message Content Script Injection source: https://www.securityfocus.com/bid/5060/info BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. A script injection issue has been reported in BasiliX...
BasiliX Webmail 1.1 - Message Content Script Injection
source: https://www.securityfocus.com/bid/5060/info BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the...
NOCC 0.9.x - Webmail Script Injection
NOCC 0.9.x - Webmail Script Injection source: https://www.securityfocus.com/bid/4740/info NOCC is a web based email client implemented in PHP4. It includes support for POP3, SMTP and IMAP servers, MIME attachments and multiple languages. A script injection issue has been reported with the way...
NOCC: cross-site-scripting bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting bug in NOCC: Details - ------- Product: NOCC Affected Version: 0.9.5 and maybe all versions before Immune Version: none, authors are working on it OS affected: all OS with php and mysql Vendor-URL:...
NOCC 0.9.x - Webmail Script Injection
source: https://www.securityfocus.com/bid/4740/info NOCC is a web based email client implemented in PHP4. It includes support for POP3, SMTP and IMAP servers, MIME attachments and multiple languages. A script injection issue has been reported with the way emails are displayed to users of NOCC...
CVE-2001-1294
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service crash in the Webmail interface via a long username and password...
CVE-2001-1283
CVE-2001-1283 affects Ipswitch IMail webmail interface (versions 7.04 and earlier). Affected component is the webmail CGI handlers (readmail.cgi and printmail.cgi); remote authenticated users can crash the service via mailbox names containing many dots or other characters, likely due to a buffer ...
CVE-2001-1294
CVE-2001-1294 describes a buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier, allowing remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. The connected records confirm the affected software and the impact (availability). Root ca...
CVE-2001-1283
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service crash via a mailbox name that contains a large number of . dot or other characters to programs such as 1 readmail.cgi or 2 printmail.cgi, possibly due to a buffer overflow that...
emumail.cgi
name : emumail.cgi date : 04/04/2002 description : EMU Webmail: how to check your email from the web. severity : Low/average-risk homepage : www.emumail.com Any user can view files on the remote system: xxx/PATH/emumail.cgi?type=FILE00 The vendor were contact about that...
SquirrelMail 1.2.x - Theme Remote Command Execution
source: https://www.securityfocus.com/bid/4385/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system. A vulnerability has been reporte...
SquirrelMail 1.2.x - Theme Remote Command Execution
SquirrelMail 1.2.x - Theme Remote Command Execution source: https://www.securityfocus.com/bid/4385/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality throu...
CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter...