18 results (0.013 seconds)

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1

PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. Vulnerabilidad de inclusión remota de archivo en PHP en modules/mail/main.php del Inter7 vHostAdmin 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro MODULES_DIR. • https://www.exploit-db.com/exploits/3191 http://osvdb.org/36627 http://www.vupen.com/english/advisories/2007/0339 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. • http://secunia.com/advisories/19987 http://sourceforge.net/project/shownotes.php?release_id=415350 http://www.osvdb.org/25445 http://www.securityfocus.com/bid/17894 http://www.vupen.com/english/advisories/2006/1698 https://exchange.xforce.ibmcloud.com/vulnerabilities/26333 •

CVSS: 7.5EPSS: 16%CPEs: 12EXPL: 0

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. • http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11 http://secunia.com/advisories/19262 http://secunia.com/advisories/23019 http://security.gentoo.org/glsa/glsa-200611-15.xml http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211 http://www.osvdb.org/23705 http://www.securityfocus.com/bid/16994 http://www.vupen.com/english/advisories/2006/0852 https://exchange.xforce.ibmcloud.com/vulnerabilities/25065 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". • http://marc.info/?l=bugtraq&m=112607033030475&w=2 http://secunia.com/advisories/16704 http://secunia.com/advisories/17156 http://secunia.com/secunia_research/2005-44/advisory http://www.debian.org/security/2005/dsa-820 http://www.securiteam.com/unixfocus/5RP0220GUS.html http://www.ubuntu.com/usn/usn-201-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/22158 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. • https://www.exploit-db.com/exploits/26200 http://marc.info/?l=bugtraq&m=112534112715638&w=2 http://seclists.org/fulldisclosure/2005/Aug/975 http://secunia.com/advisories/16600 http://secunia.com/advisories/17156 http://secunia.com/secunia_research/2005-39/advisory http://www.securityfocus.com/bid/14676 http://www.ubuntu.com/usn/usn-201-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/22043 •