CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2013-6229 – Atmail WebMail - 'INBOX.Trash?mailId' Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6229
07 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585. Múltiples vulnerabilidades de XSS en Atmail... • https://packetstorm.news/files/id/125097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 32EXPL: 1CVE-2013-6017 – Atmail Webmail Server - Email Body HTML Injection
https://notcve.org/view.php?id=CVE-2013-6017
12 Jan 2014 — Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element. Vulnerabilidad de cross-site scripting (XSS) en Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del cuerpo de un mensaje de email, como fue demostrado con el atributo SRC en un elemento IFRAME. • https://www.exploit-db.com/exploits/39015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5031
https://notcve.org/view.php?id=CVE-2013-5031
12 Jan 2014 — Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034. Vulnerabilidad no especificada en Atmail anteriores a 6.6.4, y 7.x anteriores a 7.1.2, tienen un impacto y vectores de ataque no especificados, una vulnerabilidad diferente a CVE-2013-5032, CVE-2013-5033, y CVE-2013-5034. • http://atmail.com/changelog •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5032
https://notcve.org/view.php?id=CVE-2013-5032
12 Jan 2014 — Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034. Vulnerabilidad sin especificar en Atmail anterior a la versión 6.6.4, y 7.x anterior a 7.1.2, tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034. • http://atmail.com/changelog •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5033
https://notcve.org/view.php?id=CVE-2013-5033
12 Jan 2014 — Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034. Vulnerabilidad no especificada en Atmail anteriores a 6.6.4, y 7.x anteriores a 7.1.2, tienen un impacto y vectores de ataque no especificados, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5032, y CVE-2013-5034. • http://atmail.com/changelog •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5034
https://notcve.org/view.php?id=CVE-2013-5034
12 Jan 2014 — Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033. Vulnerabilidad sin especificar en Atmail anterior a la versión 6.6.4, y 7.x anterior a 7.1.2, tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033. • http://atmail.com/changelog •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2013-6028
https://notcve.org/view.php?id=CVE-2013-6028
12 Jan 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service. Múltiples vulnerabilidades cross-site request forgery (CSRF) en Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que (1) añaden cuentas de... • http://atmail.com/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3579
https://notcve.org/view.php?id=CVE-2008-3579
10 Aug 2008 — Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Calacode @Mail 5.41 sobre linux no requiere autenticación de administrador para... • http://secunia.com/advisories/31279 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3395
https://notcve.org/view.php?id=CVE-2008-3395
31 Jul 2008 — Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Calacode @Mail 5.41 en Linux emplea permisos débiles de lectura por todos (world-readable) para webmail/libs/Atmail/Config.php y (2) webmail/webadmin/.htpasswd, lo que permite... • http://secunia.com/advisories/31279 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0611
https://notcve.org/view.php?id=CVE-2006-0611
09 Feb 2006 — Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. Vulnerabilidad de salto de directorio en compose.pl en @Mail 4.3 y en versiones anteriores para Windows permite a atacantes remotos subir archivos arbitrarios en ubicaciones arbitrarias a través de .. (punto punto) en el parámetro unique. • http://kb.atmail.com/view_article.php?num=374 •