CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 2CVE-2008-0140 – Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-0140
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. Vulnerabilidad de salto de directorio en error.php de Uebimiau Webmail 2.7.10 y 2.7.2 permite a usuarios autenticados remotamente leer archivos de su elección mediante un .. (punto punto) en el parámetro selected_theme, un vector diferente de CVE-2007-3172. • https://www.exploit-db.com/exploits/4846 http://www.attrition.org/pipermail/vim/2008-January/001867.html http://www.securityfocus.com/bid/27154 https://exchange.xforce.ibmcloud.com/vulnerabilities/39460 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 5CVE-2007-6321 – Roundcube Webmail 0.1 - CSS Expression Input Validation
https://notcve.org/view.php?id=CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en RoundCube webmail 0.1rc2, 2007-12-09, y versiones anteriores, cuando utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de expresión que contiene los comandos. • https://www.exploit-db.com/exploits/30877 http://openmya.hacker.jp/hasegawa/security/expression.txt http://secunia.com/advisories/30734 http://securityreason.com/securityalert/3435 http://trac.roundcube.net/ticket/1484701 http://www.securityfocus.com/archive/1/484802/100/0/threaded http://www.securityfocus.com/bid/26800 https://exchange.xforce.ibmcloud.com/vulnerabilities/38981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2745
https://notcve.org/view.php?id=CVE-2007-2745
Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo printcal.pl en vDesk Webmail versión 4.03, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro type. • http://osvdb.org/37922 http://pridels-team.blogspot.com/2007/05/vdeck-webmail-system-xss-vuln.html http://www.securityfocus.com/bid/24022 https://exchange.xforce.ibmcloud.com/vulnerabilities/34358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 10%CPEs: 5EXPL: 0CVE-2007-2655
https://notcve.org/view.php?id=CVE-2007-2655
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. Una vulnerabilidad no especificada en NetWin Webmail versión 3.1s-1 en SurgeMail versiones anteriores a 3.8i2, presenta un impacto desconocido y vectores de ataque remoto, posiblemente una vulnerabilidad de cadena de formato que permite la ejecución de código remota. • http://osvdb.org/35891 http://secunia.com/advisories/25207 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/23908 http://www.vupen.com/english/advisories/2007/1755 https://exchange.xforce.ibmcloud.com/vulnerabilities/34217 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2005-1819
https://notcve.org/view.php?id=CVE-2005-1819
Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15518 http://www.nikosoft.net/nswm •