6 matches found
CVE-2012-1918
CVE-2012-1918 affects AtMail Open-Source WebMail Client (before 1.05). Vulnerable components are compose.php and libs/Atmail/SendMsg.php, with a directory traversal flaw that allows remote attackers to read arbitrary files via a .. in the Attachment[] parameter. Impact described as reading arbitr...
CVE-2011-4540
AtMail Open (Open-Source edition) 1.04 contains multiple XSS vulnerabilities exploitable via the func parameter to ldap.php or search.php. Remote attackers could inject arbitrary web script/HTML, with impact limited to partial integrity and no confidentiality/availability impact per the CVE metad...
CVE-2012-1916
CVE-2012-1916 affects the @Mail WebMail Client in AtMail Open-Source prior to version 1.05. The issue allows remote attackers to execute arbitrary code by delivering an email with an attachment that has an executable extension, resulting in creation of an executable file under tmp/. This is descr...
CVE-2012-1920
The CVE-2012-1920 issue affects the @Mail WebMail Client in AtMail Open-Source 1.04 and earlier. A remote attacker can obtain configuration information by issuing a direct request to install/info.php, which calls phpinfo. This is an information-disclosure vulnerability in the WebMail component. T...
CVE-2012-1917
CVE-2012-1917 affects AtMail Open-Source (compose.php in the @Mail WebMail Client) prior to version 1.05. The root cause is improper handling of ../ sequences in the unique parameter, allowing remote attackers to perform directory traversal and read arbitrary files via a ..././ sequence. Document...
CVE-2012-1919
CVE-2012-1919 affects AtMail Open-Source’s @Mail WebMail Client (mime.php) prior to version 1.05. The vulnerability is a CRLF injection that allows a remote attacker to perform directory traversal and read arbitrary files by injecting a %0A sequence followed by .. in the file parameter, enabling ...