Page 2 of 18 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. • http://marc.info/?l=bugtraq&m=112490698219531&w=2 http://marc.info/?l=courier-users&m=112488135424849&w=2 http://secunia.com/advisories/16539 http://secunia.com/advisories/17156 http://secunia.com/secunia_research/2005-35/advisory http://www.debian.org/security/2005/dsa-793 http://www.securityfocus.com/bid/14650 http://www.ubuntu.com/usn/usn-201-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/21997 •

CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 1

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. • https://www.exploit-db.com/exploits/25534 http://secunia.com/advisories/15119 http://www.securityfocus.com/bid/13374 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. • http://www.securityfocus.com/archive/1/352317 http://www.securityfocus.com/bid/9541 https://exchange.xforce.ibmcloud.com/vulnerabilities/15058 •

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability • http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html http://www.osvdb.org/9147 http://www.securityfocus.com/bid/10962 https://exchange.xforce.ibmcloud.com/vulnerabilities/17017 •

CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0

Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html http://www.osvdb.org/9146 http://www.securityfocus.com/bid/10962 https://exchange.xforce.ibmcloud.com/vulnerabilities/17016 •