Lucene search
K
BasilixBasilix Webmail

7 matches found

CVE
CVE
added 2005/06/21 4:0 a.m.89 views

CVE-2002-1709

CVE-2002-1709 describes a SQL injection vulnerability in BasiliX Webmail, where the vulnerable vector is the id parameter. The OpenVAS entries indicate that remote servers running BasiliX Webmail version 1.1.0 or lower are potentially vulnerable, with susceptibility depending on the installed PHP...

6.4CVSS7.4AI score0.01153EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.68 views

CVE-2002-1708

The OpenVAS/Nessus entries confirm CVE-2002-1708 as a cross-site scripting vulnerability in BasiliX Webmail, affecting version 1.1.0 or lower. The issue arises because BasiliX does not filter HTML tags when displaying messages, enabling an attacker to inject arbitrary HTML/script into the message...

6.8CVSS6.6AI score0.04262EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.56 views

CVE-2001-1045

CVE-2001-1045 describes a directory traversal vulnerability in Basilix Webmail up to version 1.0.3beta, where an attacker can read arbitrary files by injecting a .. (dot dot) into the request_id[DUMMY] parameter of basilix.php3. The connected documents corroborate that the vulnerability allows re...

5CVSS6.7AI score0.03764EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.51 views

CVE-2002-1711

CVE-2002-1711 affects BasiliX Webmail 1.1.0. The vulnerability is that attachments are saved in a world-readable, insecure "/tmp/BasiliX" directory, allowing a local attacker to read other users’ attachments. Documentation confirms BasiliX 1.1.0 stores attachments publicly on the host and that th...

2.1CVSS6.1AI score0.00349EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.50 views

CVE-2001-1044

CVE-2001-1044 affects Basilix Webmail 0.9.7beta (and possibly other versions). The issue is that ".class" and ".inc" files are stored under the document root without access restrictions, enabling remote attackers to read sensitive information such as MySQL passwords and usernames from the mysql.c...

7.5CVSS6.3AI score0.06936EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.47 views

CVE-2002-1710

BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...

3.6CVSS6AI score0.00333EPSS
CVE
CVE
added 2006/10/04 12:0 a.m.43 views

CVE-2006-5167

CVE-2006-5167 affects BasiliX 1.1.1 and earlier, where multiple PHP remote file inclusion flaws allow an attacker to execute arbitrary PHP code by supplying a URL via the BSX_LIBDIR parameter in /files/ scripts (abook.php3, compose-.php3, folder- .php3, mbox-.php3, message- .php3, settings.php3, ...

5.1CVSS8AI score0.03015EPSS
Web