Lucene search
K
TranswareActive! Mail

4 matches found

CVE
CVE
added 2013/04/04 7:0 p.m.45 views

CVE-2013-2302

The CVE-2013-2302 entry concerns TransWARE Active! mail 6. Affected component: Active! mail with an external public interface enabled. Root cause: information disclosure allowing local users to obtain other users’ credentials by leveraging shell access via TELNET/SSH to the server. Impact (as doc...

1.9CVSS6.2AI score0.00304EPSS
CVE
CVE
added 2009/12/17 6:0 p.m.44 views

CVE-2009-4353

CVE-2009-4353 affects Active! mail 2003 Mobile Edition (build 2003.0139.0871 and earlier; possibly before 2003.0139.0911). The issue is that the application does not remove the session ID from a Referer URL, enabling a remote attacker to hijack web sessions via vectors such as an email containing...

5.8CVSS6.7AI score0.01083EPSS
CVE
CVE
added 2010/11/05 4:28 p.m.44 views

CVE-2010-3913

CVE-2010-3913 affects TransWARE Active! mail 6 (build 6.40.010047750 and earlier). The vulnerability is a CRLF/HTTP header injection that can enable HTTP response splitting and allow remote attackers to inject headers. Documented impacts include falsified information being displayed and potential...

4.3CVSS7.1AI score0.01104EPSS
CVE
CVE
added 2009/12/17 6:0 p.m.43 views

CVE-2009-4354

TransWARE Active! mail 2003 (Build 2003.0139.0871 and earlier) contains a session cookie handling flaw that can allow remote attackers to hijack web sessions via insecure cookie handling in SSL contexts. Affects the web-based mail software and enables user impersonation. According to JVN/NVD reco...

5.8CVSS6.7AI score0.0105EPSS