11 matches found
CVE-2002-1893
CVE-2002-1893: Cross-site scripting (XSS) in ArGoSoft Mail Server Pro 1.8.1.9 lets remote attackers inject arbitrary web script/HTML via the e-mail message. Connected sources confirm the vulnerability exists in the WebMail interface of ArGoSoft Mail Server Pro, but the provided documents do not i...
CVE-2006-0978
The CVE-2006-0978 entry refers to multiple XSS vulnerabilities in the View Headers (viewheaders) functionality of ArGoSoft Mail Server Pro 1.8.8.5, allowing remote attackers to inject arbitrary web script or HTML via the Subject, From, and other headers. Connected sources corroborate the same iss...
CVE-2006-0930
Summary: CVE-2006-0930 describes a directory traversal vulnerability in Webmail of ArGoSoft Mail Server Pro 1.8. Affected component: Webmail/UIDL handling. Root cause: improper handling of the UIDL parameter allowing directory traversal via “..” sequences, enabling a remote authenticated user to ...
CVE-2005-1284
CVE-2005-1284 affects ArGoSoft Mail Server Pro 1.8.7.6; the addnew script allows remote attackers to create arbitrary accounts via a direct HTTP POST, even when web-interface account creation is disabled. This is a network‑level issue with CVSS2 base score 7.5 (HIGH). No exploit details or remedi...
CVE-2005-1283
Summary : CVE-2005-1283 describes multiple directory traversal vulnerabilities in ArGoSoft Mail Server Pro 1.8.7.6. Remote authenticated users can read arbitrary files via the UIDL parameter to the msg script or copy/move the user’s .eml file to arbitrary locations via the delete script. This is ...
CVE-2006-0928
The CVE-2006-0928 issue affects ArGoSoft Mail Server Pro 1.8, where the POP3 server exposes a _DUMP command that unauthenticated remote users can use to disclose sensitive information (OS, registered user, and registration code). The NVD entry records a base score of 5.0 (Medium) with network acc...
CVE-2006-0929
CVE-2006-0929 affects the IMAP server of ArGoSoft Mail Server Pro 1.8.8.1. The issue is a directory traversal in the IMAP RENAME command where mailbox names are not filtered for "..", allowing an authenticated remote attacker to create/move folders arbitrarily on the affected system. The connecte...
CVE-2005-0367
This entry documents directory-traversal flaws in ArGoSoft Mail Server (notably versions around 1.8.7.3/1.8.7.6) that allow remote authenticated users to read, delete, or upload arbitrary files. The root cause is traversal via .. in multiple vectors: the filename of an email attachment, the _msga...
CVE-2002-1005
CVE-2002-1005 concerns ArGoSoft Mail Server versions 1.8.1.7 and earlier. The issue arises when a webmail user forwards mail to themselves while autoresponse is enabled, creating an infinite loop that causes CPU consumption and a denial of service. This vulnerability is documented in multiple sou...
CVE-2002-1004
CVE-2002-1004 concerns ArGoSoft Mail Server Plus/Pro WebMail (≤1.8.1.5). The vulnerability is a directory traversal in the WebMail interface that allows remote attackers to read arbitrary files via …/ sequence in a URL. Affected: ArGoSoft Mail Server WebMail feature (versions up to 1.8.1.5 and ea...
CVE-2005-1282
CVE-2005-1282 affects ArGoSoft Mail Server Pro 1.8.7.6, with multiple XSS vulnerabilities allowing remote injection via (1) IMG src, (2) webmail user settings, or (3) address book input. The connected sources confirm XSS exposure and affected component, but do not provide patch/version remediatio...