CVSS: 10.0EPSS: 86%CPEs: 2EXPL: 4CVE-2008-5619 – Roundcube Webmail 0.2-3 Beta - Code Execution
https://notcve.org/view.php?id=CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. html2text.php en Chuggnutt HTML a Text Converter, como se usa en PHPMailer en versiones anteriores a 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha y 0.2-3.beta, Mahara y AtMail Open 1.03, permite a atacantes remotos ejecutar código arbitrario a través de entrada manipulada que se procesa por la función preg_replace con el interruptor de eval. RoundCube Webmail versions 0.2-3 Beta and below suffer from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/7549 https://www.exploit-db.com/exploits/7553 http://mahara.org/interaction/forum/topic.php?id=533 http://osvdb.org/53893 http://secunia.com/advisories/33145 http://secunia.com/advisories/33170 http://secunia.com/advisories/34789 http://sourceforge.net/forum/forum.php?forum_id=898542 http://trac.roundcube.net/changeset/2148 http://trac.roundcube.net/ticket/1485618 http://www.openwall.com/lists/oss-security/2008/12/12/1 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 92%CPEs: 25EXPL: 2CVE-2008-1055 – Surgemail and WebMail 3.0 - 'Page' Remote Format String
https://notcve.org/view.php?id=CVE-2008-1055
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. Vulnerabilidad de cadena de formato en webmail.exe de NetWin SurgeMail 38k4 y versiones anteriores y beta 39a, y WebMail 3.1s y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) y posiblemente ejecutar código de su elección a través de cadenas de formato especificadas en el parámetro page. • https://www.exploit-db.com/exploits/31300 http://aluigi.altervista.org/adv/surgemailz-adv.txt http://secunia.com/advisories/29105 http://secunia.com/advisories/29137 http://securityreason.com/securityalert/3705 http://www.securityfocus.com/archive/1/488741/100/0/threaded http://www.securityfocus.com/bid/27990 http://www.securitytracker.com/id?1019500 http://www.vupen.com/english/advisories/2008/0678 https://exchange.xforce.ibmcloud.com/vulnerabilities/40833 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 5CVE-2007-6321 – Roundcube Webmail 0.1 - CSS Expression Input Validation
https://notcve.org/view.php?id=CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en RoundCube webmail 0.1rc2, 2007-12-09, y versiones anteriores, cuando utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de expresión que contiene los comandos. • https://www.exploit-db.com/exploits/30877 http://openmya.hacker.jp/hasegawa/security/expression.txt http://secunia.com/advisories/30734 http://securityreason.com/securityalert/3435 http://trac.roundcube.net/ticket/1484701 http://www.securityfocus.com/archive/1/484802/100/0/threaded http://www.securityfocus.com/bid/26800 https://exchange.xforce.ibmcloud.com/vulnerabilities/38981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2005-1819
https://notcve.org/view.php?id=CVE-2005-1819
Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15518 http://www.nikosoft.net/nswm •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 1CVE-2001-0857 – Horde IMP 2.2.x - Session Hijacking
https://notcve.org/view.php?id=CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. • https://www.exploit-db.com/exploits/21151 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437 http://marc.info/?l=bugtraq&m=100535679608486&w=2 http://marc.info/?l=bugtraq&m=100540578822469&w=2 http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt http://www.osvdb.org/668 http://www.securityfocus.com/bid/3525 https://exchange.xforce.ibmcloud.com/vulnerabilities/7496 •