4 matches found
CVE-2005-1650
The CVE-2005-1650 entry applies to Woppoware PostMaster 4.2.2, where the web mail service returns different error messages based on whether a user exists. This behavior allows remote attackers to enumerate valid usernames, constituting an information disclosure issue. The Red Hat and CVE records ...
CVE-2005-1652
CVE-2005-1652 affects Woppoware PostMaster 4.2.2 (build 3.2.5). Affected component: message.htm. Root cause: remote authentication bypass via modification of the email parameter, enabling attackers to bypass login and act as the targeted user (e.g., read messages, compose messages). Public refere...
CVE-2005-1651
The CVE-2005-1651 entry concerns Woppoware PostMaster 4.2.2 (build 3.2.5). The vulnerability is a directory traversal in the message.htm page, exploitable via .. in the wmm parameter, allowing an attacker to determine the existence of arbitrary files on the remote host. This is framed as a partia...
CVE-2005-1653
Woppoware PostMaster 4.2.2 (build 3.2.5) is affected by a Cross-site Scripting (XSS) vulnerability in the message.htm page due to unsanitized input in the email parameter. This allows remote attackers to inject arbitrary web script or HTML. Root cause: improper input sanitization in the email par...