Basilix Webmail@1.1.0 Security Vulnerabilities and Issues — Basilix Webmail@1.1.0 CVE List

Lucene search

BasilixBasilix Webmail1.1.0

5 matches found

CVE•added 2005/06/21 4:0 a.m.•76 views

CVE-2002-1709

SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.

6.4CVSS7.4AI score0.00288EPSS

CVE•added 2005/06/21 4:0 a.m.•46 views

CVE-2002-1708

Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.

6.8CVSS6.6AI score0.00655EPSS

CVE•added 2005/06/21 4:0 a.m.•41 views

CVE-2002-1711

BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.

2.1CVSS6.1AI score0.00153EPSS

CVE•added 2005/06/21 4:0 a.m.•34 views

CVE-2002-1710

The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.

3.6CVSS6AI score0.0007EPSS

CVE•added 2006/10/05 4:4 a.m.•33 views

CVE-2006-5167

Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) co...

5.1CVSS8AI score0.10967EPSS