7 matches found
CVE-2002-1709
CVE-2002-1709 describes a SQL injection vulnerability in BasiliX Webmail, where the vulnerable vector is the id parameter. The OpenVAS entries indicate that remote servers running BasiliX Webmail version 1.1.0 or lower are potentially vulnerable, with susceptibility depending on the installed PHP...
CVE-2002-1708
The OpenVAS/Nessus entries confirm CVE-2002-1708 as a cross-site scripting vulnerability in BasiliX Webmail, affecting version 1.1.0 or lower. The issue arises because BasiliX does not filter HTML tags when displaying messages, enabling an attacker to inject arbitrary HTML/script into the message...
CVE-2001-1045
CVE-2001-1045 describes a directory traversal vulnerability in Basilix Webmail up to version 1.0.3beta, where an attacker can read arbitrary files by injecting a .. (dot dot) into the request_id[DUMMY] parameter of basilix.php3. The connected documents corroborate that the vulnerability allows re...
CVE-2002-1711
CVE-2002-1711 affects BasiliX Webmail 1.1.0. The vulnerability is that attachments are saved in a world-readable, insecure "/tmp/BasiliX" directory, allowing a local attacker to read other users’ attachments. Documentation confirms BasiliX 1.1.0 stores attachments publicly on the host and that th...
CVE-2001-1044
CVE-2001-1044 affects Basilix Webmail 0.9.7beta (and possibly other versions). The issue is that ".class" and ".inc" files are stored under the document root without access restrictions, enabling remote attackers to read sensitive information such as MySQL passwords and usernames from the mysql.c...
CVE-2002-1710
BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...
CVE-2006-5167
CVE-2006-5167 affects BasiliX 1.1.1 and earlier, where multiple PHP remote file inclusion flaws allow an attacker to execute arbitrary PHP code by supplying a URL via the BSX_LIBDIR parameter in /files/ scripts (abook.php3, compose-.php3, folder- .php3, mbox-.php3, message- .php3, settings.php3, ...