CVE-2008-0140 – Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-0140
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. Vulnerabilidad de salto de directorio en error.php de Uebimiau Webmail 2.7.10 y 2.7.2 permite a usuarios autenticados remotamente leer archivos de su elección mediante un .. (punto punto) en el parámetro selected_theme, un vector diferente de CVE-2007-3172. • https://www.exploit-db.com/exploits/4846 http://www.attrition.org/pipermail/vim/2008-January/001867.html http://www.securityfocus.com/bid/27154 https://exchange.xforce.ibmcloud.com/vulnerabilities/39460 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-6321 – Roundcube Webmail 0.1 - CSS Expression Input Validation
https://notcve.org/view.php?id=CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en RoundCube webmail 0.1rc2, 2007-12-09, y versiones anteriores, cuando utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de expresión que contiene los comandos. • https://www.exploit-db.com/exploits/30877 http://openmya.hacker.jp/hasegawa/security/expression.txt http://secunia.com/advisories/30734 http://securityreason.com/securityalert/3435 http://trac.roundcube.net/ticket/1484701 http://www.securityfocus.com/archive/1/484802/100/0/threaded http://www.securityfocus.com/bid/26800 https://exchange.xforce.ibmcloud.com/vulnerabilities/38981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-1819
https://notcve.org/view.php?id=CVE-2005-1819
Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15518 http://www.nikosoft.net/nswm •
CVE-2001-0857 – Horde IMP 2.2.x - Session Hijacking
https://notcve.org/view.php?id=CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. • https://www.exploit-db.com/exploits/21151 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437 http://marc.info/?l=bugtraq&m=100535679608486&w=2 http://marc.info/?l=bugtraq&m=100540578822469&w=2 http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt http://www.osvdb.org/668 http://www.securityfocus.com/bid/3525 https://exchange.xforce.ibmcloud.com/vulnerabilities/7496 •
CVE-2001-1408 – Cobalt Qube Webmail 1.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-1408
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter. • https://www.exploit-db.com/exploits/20995 http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6805 •