Lucene search
K
ArgosoftArgosoft Mail Server

11 matches found

CVE
CVE
added 2005/06/28 4:0 a.m.55 views

CVE-2002-1893

CVE-2002-1893: Cross-site scripting (XSS) in ArGoSoft Mail Server Pro 1.8.1.9 lets remote attackers inject arbitrary web script/HTML via the e-mail message. Connected sources confirm the vulnerability exists in the WebMail interface of ArGoSoft Mail Server Pro, but the provided documents do not i...

4.3CVSS5.7AI score0.01164EPSS
CVE
CVE
added 2006/03/03 11:0 a.m.55 views

CVE-2006-0978

The CVE-2006-0978 entry refers to multiple XSS vulnerabilities in the View Headers (viewheaders) functionality of ArGoSoft Mail Server Pro 1.8.8.5, allowing remote attackers to inject arbitrary web script or HTML via the Subject, From, and other headers. Connected sources corroborate the same iss...

4.3CVSS5.8AI score0.02106EPSS
CVE
CVE
added 2006/02/28 11:0 a.m.52 views

CVE-2006-0930

Summary: CVE-2006-0930 describes a directory traversal vulnerability in Webmail of ArGoSoft Mail Server Pro 1.8. Affected component: Webmail/UIDL handling. Root cause: improper handling of the UIDL parameter allowing directory traversal via “..” sequences, enabling a remote authenticated user to ...

4CVSS6.2AI score0.01373EPSS
CVE
CVE
added 2005/04/26 4:0 a.m.51 views

CVE-2005-1284

CVE-2005-1284 affects ArGoSoft Mail Server Pro 1.8.7.6; the addnew script allows remote attackers to create arbitrary accounts via a direct HTTP POST, even when web-interface account creation is disabled. This is a network‑level issue with CVSS2 base score 7.5 (HIGH). No exploit details or remedi...

7.5CVSS6.7AI score0.01549EPSS
CVE
CVE
added 2005/04/26 4:0 a.m.49 views

CVE-2005-1283

Summary : CVE-2005-1283 describes multiple directory traversal vulnerabilities in ArGoSoft Mail Server Pro 1.8.7.6. Remote authenticated users can read arbitrary files via the UIDL parameter to the msg script or copy/move the user’s .eml file to arbitrary locations via the delete script. This is ...

7.5CVSS6.5AI score0.01676EPSS
CVE
CVE
added 2006/02/28 11:0 a.m.49 views

CVE-2006-0928

The CVE-2006-0928 issue affects ArGoSoft Mail Server Pro 1.8, where the POP3 server exposes a _DUMP command that unauthenticated remote users can use to disclose sensitive information (OS, registered user, and registration code). The NVD entry records a base score of 5.0 (Medium) with network acc...

5CVSS6.2AI score0.02106EPSS
CVE
CVE
added 2006/02/28 11:0 a.m.49 views

CVE-2006-0929

CVE-2006-0929 affects the IMAP server of ArGoSoft Mail Server Pro 1.8.8.1. The issue is a directory traversal in the IMAP RENAME command where mailbox names are not filtered for "..", allowing an authenticated remote attacker to create/move folders arbitrarily on the affected system. The connecte...

4CVSS6.3AI score0.01306EPSS
CVE
CVE
added 2005/02/11 5:0 a.m.47 views

CVE-2005-0367

This entry documents directory-traversal flaws in ArGoSoft Mail Server (notably versions around 1.8.7.3/1.8.7.6) that allow remote authenticated users to read, delete, or upload arbitrary files. The root cause is traversal via .. in multiple vectors: the filename of an email attachment, the _msga...

4.6CVSS6.7AI score0.01857EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.45 views

CVE-2002-1005

CVE-2002-1005 concerns ArGoSoft Mail Server versions 1.8.1.7 and earlier. The issue arises when a webmail user forwards mail to themselves while autoresponse is enabled, creating an infinite loop that causes CPU consumption and a denial of service. This vulnerability is documented in multiple sou...

5CVSS6.5AI score0.01972EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.42 views

CVE-2002-1004

CVE-2002-1004 concerns ArGoSoft Mail Server Plus/Pro WebMail (≤1.8.1.5). The vulnerability is a directory traversal in the WebMail interface that allows remote attackers to read arbitrary files via …/ sequence in a URL. Affected: ArGoSoft Mail Server WebMail feature (versions up to 1.8.1.5 and ea...

5CVSS6.8AI score0.08338EPSS
CVE
CVE
added 2005/04/26 4:0 a.m.40 views

CVE-2005-1282

CVE-2005-1282 affects ArGoSoft Mail Server Pro 1.8.7.6, with multiple XSS vulnerabilities allowing remote injection via (1) IMG src, (2) webmail user settings, or (3) address book input. The connected sources confirm XSS exposure and affected component, but do not provide patch/version remediatio...

4.3CVSS5.8AI score0.01177EPSS