4213 matches found
CVE-2000-1166
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP PHP3 code by specifying an alternate vhosts as an argument to the index.php3 program...
CVE-2000-1100
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request...
CVE-2000-1100
The vulnerability CVE-2000-1100 affects the PostACI webmail system where the default configuration installs /includes/global.inc in the web root, enabling remote reads of sensitive data (e.g., database usernames and passwords) via a direct HTTP GET. The NVD description confirms this exposure; no ...
SRADV00005.txt
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
(SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
Дырки в mailman webmail
Классические дырки perl CGI при работе с файлами...
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
The version of MailMan Webmail on the remote web server has an arbitrary command execution vulnerability. Input to the 'ALTERNATETEMPLATES' parameter of mmstdod.cgi is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the system. %NASLMINLEVEL 70300 C...
Endymion MailMan 3.0.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open function. Attackers can control the way...
Дырка в WhoWhere Webmail (comm.lycos.com, angelfire.com, eudoramail.com)
Можно угадать имя файла с вложением на сервере...
PostACI Webmail Vulnerability
The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
Trlinux Postaci Webmail 1.1.3 - Password Disclosure source: https://www.securityfocus.com/bid/2029/info Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database...
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
source: https://www.securityfocus.com/bid/2029/info Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database. Webmail stores database username and password...
Дырка в TWIG webmail
Используя ошибку в проверке агрументов можно загрузить и выполнить собственный php3-скрипт...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...
CVE-2000-0507
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command...
CVE-2000-0552
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...
CVE-2000-0507
CVE-2000-0507 concerns Imate Webmail Server 2.5. A remote attacker can cause a denial of service by sending a HELO command with an extremely long argument, potentially crashing/shutting down the SMTP service (network exploit, no auth required; availability impact). The vulnerability stems from ha...
(SRADV00003) Arbitrary file disclosure through IMP
================================================= Secure Reality Pty Ltd. Security Advisory 3 SRADV00003 http://www.securereality.com.au ================================================= Title Arbitrary file disclosure through IMP Released 12/09/2000 Vulnerable Most all? versions of IMP 2.2.1...
horde.txt
Date: Fri, 8 Sep 2000 17:03:36 +0200 Sender: Bugtraq List From: "Winter, Christian" Subject: horde library bug - unchecked from-address To: [email protected] Hi, this bug we discovered recently. HORDE 1.2.0 $from-bug and how to exploit with IMP 2.2.0 Disclaimer: This is intended as a pape...
horde library bug - unchecked from-address
Hi, this bug we discovered recently. HORDE 1.2.0 $from-bug and how to exploit with IMP 2.2.0 Disclaimer: This is intended as a paper for sysadmins who want to secure their systems. It is NOT a how to for scriptkiddies to run any attack on a IMP-using site. The authors of this text will not be hel...