
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/31279
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44145
• CWE-287: Improper Authentication

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/31279
• http://www.securityfocus.com/bid/30434
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44144
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

• http://osvdb.org/38911
• http://secunia.com/advisories/27837
• http://terra.calacode.com/mail/docs/changelog.html
• http://www.securityfocus.com/bid/26635
• http://www.securitytracker.com/id?1019013
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38758
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

• http://secunia.com/advisories/23472
• http://securitytracker.com/id?1017435
• http://www.netragard.com/html/recent_research.html
• http://www.securityfocus.com/bid/21708

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/18874
• http://www.osvdb.org/23236
• http://www.securityfocus.com/bid/16683
• http://www.vupen.com/english/advisories/2006/0617
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24742
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')