3 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. calendar.php en Kamgaing Email System (kmail) 2.3 y anteriores permiten a atacantes remotos obtener la ruta completa del servidor a través de un parámetro d inválido, lo cual filtra la ruta en un mensaje de error. • http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html http://www.osvdb.org/25065 https://exchange.xforce.ibmcloud.com/vulnerabilities/26120 •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. • http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html http://secunia.com/advisories/19755 http://www.osvdb.org/25061 http://www.osvdb.org/25062 http://www.osvdb.org/25063 http://www.osvdb.org/25064 http://www.vupen.com/english/advisories/2006/1564 https://exchange.xforce.ibmcloud.com/vulnerabilities/26117 •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 3

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. • https://www.exploit-db.com/exploits/25375 http://bugs.kde.org/show_bug.cgi?id=96020 http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html http://secunia.com/advisories/14925 http://www.securiteam.com/unixfocus/5GP0B0AFFE.html •