4 matches found
CVE-2021-26294
CVE-2021-26294 affects AfterLogic Aurora and WebMail Pro up to version 7.7.9. It is a directory traversal vulnerability in WebDAV endpoints (dav/server.php) that allows unauthenticated attackers to read arbitrary files (e.g., data/settings/settings.xml) by using crafted paths such as ../..//dav/s...
CVE-2021-26293
CVE-2021-26293 affects AfterLogic Aurora and WebMail Pro (DAV enabled). The vulnerability stems from directory traversal in the WebDAV handling (DAVServer.php/DAV/Server.php) that allows creating files under the web root, enabling potential remote code execution via uploaded files. Severity is hi...
CVE-2009-4743
CVE-2009-4743 affects AfterLogic WebMail Pro versions up to 4.7.10, via XSS in history-storage.aspx. The vulnerability is triggered by specially crafted HistoryStorageObjectName and HistoryKey parameters, allowing remote attackers to inject arbitrary web script/HTML and execute in the victim’s br...
CVE-2019-19129
Technical details about CVE-2019-19129 are not publicly provided in the connected documents; no root cause, affected components, or fixes are disclosed. Monitor for updates.