CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14597
https://notcve.org/view.php?id=CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en AdminPanel en AfterLogic WebMail 7.7 y Aurora 7.7.5 mediante el campo txtDomainName a adminpanel/modules/pro/inc/ajax.php al añadir un dominio. • https://auroramail.wordpress.com/2017/08/28/vulnerability-in-webmailaurora-closed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-2587 – afterlogic mailsuite pro (VMware Appliance) 6.3 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2587
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en AfterLogic MailSuite Pro v6.3 que permite a atacantes remotos inyectar código web o html a través del cuerpo de un mensaje de correo electrónico con un atributo SRC manipulado por (1) un elemento IFRAME o (2) un elemento SCRIPT. AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/20352 http://www.exploit-db.com/exploits/20352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4CVE-2009-4743 – AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4743
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en history-storage.aspx en AfterLogic WebMail Pro v4.7.10 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) HistoryStorageObjectName y (2) HistoryKey • https://www.exploit-db.com/exploits/9857 https://www.exploit-db.com/exploits/33268 http://osvdb.org/58712 http://secunia.com/advisories/36964 http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt http://www.securityfocus.com/bid/36605 https://exchange.xforce.ibmcloud.com/vulnerabilities/53672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0631 – MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method
https://notcve.org/view.php?id=CVE-2008-0631
Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. Múltiples controles ActiveX en MailBee.dll de MailBee Objects 5.5. Permiten a atacantes remotos (1) sobreescribir archivos de su elección a través del método SaveToDisk method o (2) modificar archivos a través del método AddStringToFile. • https://www.exploit-db.com/exploits/4999 http://www.securityfocus.com/bid/27481 https://exchange.xforce.ibmcloud.com/vulnerabilities/40011 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0333 – MailBee WebMail Pro 4.1 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-0333
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. Vulnerabilidad de salto de directorio en download_view_attachment.aspx de AfterLogic MailBee WebMail Pro 4.1 para ASP.NET permite a atacantes remotos leer ficheros locales de su elección mediante una secuencia .. (punto punto) en el parámetro temp_filename. • https://www.exploit-db.com/exploits/4921 http://secunia.com/advisories/28521 http://www.securityfocus.com/bid/27312 https://exchange.xforce.ibmcloud.com/vulnerabilities/39724 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •