7 matches found
CVE-2004-1130
CVE-2004-1130 describes a Cross-site scripting (XSS) flaw in admin.asp of CMailServer 5.2 that allows remote attackers to execute arbitrary web script or HTML by supplying input to personal information fields (username, name, comments). The vulnerability is documented across NVD/CVE records with ...
CVE-2007-1991
CVE-2007-1991 is an XSS vulnerability affecting CmailServer WebMail 5.4.3 (and possibly earlier) in the mail/signup.asp path. The issue allows remote attackers to inject arbitrary web script or HTML via the Comment parameter (a vector distinct from CVE-2007-1927). Public references confirm the sa...
CVE-2004-1129
CVE-2004-1129 affects YoungZSoft CMailServer 5.2. A remote SQL injection is possible in the components fdelmail.asp, addressc.asp, and possibly postmail.asp and fmvmail.asp via the indexOfMail parameter, allowing an attacker to inject arbitrary SQL commands and compromise mail metadata and contac...
CVE-2008-6922
CVE-2008-6922 describes multiple stack-based buffer overflows in CMailServer 5.4.6: CMailCOM.dll and related ActiveX controls (CMailCom.POP3 and CMailCOM.SMTP) fail to handle long arguments in a list of methods (CreateUserPath, Logout, DeleteMailByUID, MoveToInbox, MoveToFolder, DeleteMailEx, Get...
CVE-2007-1927
The provided documents confirm a concrete XSS vulnerability: CVE-2007-1927 affects CmailServer WebMail 5.3.4 and earlier, where arbitrary web script/HTML can be injected via the POP3Mail parameter in signup.asp. Connected records also reference CVE-2007-1991 (a related XSS in mail/signup.asp via ...
CVE-2002-0799
Technical details for CVE-2002-0799 are not publicly available in the provided connected documents; monitor for updates.
CVE-2003-0280
CVE-2003-0280 : Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (MAIL FROM) or (RCPT TO) commands. The connected documents confirm the affected product/version and the remote-code-execution impact, with C...