4 matches found
CVE-2013-2302
The CVE-2013-2302 entry concerns TransWARE Active! mail 6. Affected component: Active! mail with an external public interface enabled. Root cause: information disclosure allowing local users to obtain other users’ credentials by leveraging shell access via TELNET/SSH to the server. Impact (as doc...
CVE-2009-4353
CVE-2009-4353 affects Active! mail 2003 Mobile Edition (build 2003.0139.0871 and earlier; possibly before 2003.0139.0911). The issue is that the application does not remove the session ID from a Referer URL, enabling a remote attacker to hijack web sessions via vectors such as an email containing...
CVE-2010-3913
CVE-2010-3913 affects TransWARE Active! mail 6 (build 6.40.010047750 and earlier). The vulnerability is a CRLF/HTTP header injection that can enable HTTP response splitting and allow remote attackers to inject headers. Documented impacts include falsified information being displayed and potential...
CVE-2009-4354
TransWARE Active! mail 2003 (Build 2003.0139.0871 and earlier) contains a session cookie handling flaw that can allow remote attackers to hijack web sessions via insecure cookie handling in SSL contexts. Affects the web-based mail software and enables user impersonation. According to JVN/NVD reco...