CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2004-2458
https://notcve.org/view.php?id=CVE-2004-2458
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. • http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch http://secunia.com/advisories/11334 http://www.securityfocus.com/bid/10087 https://exchange.xforce.ibmcloud.com/vulnerabilities/15822 •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2004-2284
https://notcve.org/view.php?id=CVE-2004-2284
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. • http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt http://secunia.com/advisories/12017 http://securitytracker.com/id?1010605 http://www.osvdb.org/7474 http://www.securityfocus.com/bid/10637 https://exchange.xforce.ibmcloud.com/vulnerabilities/16549 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2002-2410
https://notcve.org/view.php?id=CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html http://www.iss.net/security_center/static/10684.php http://www.securityfocus.com/bid/6232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1385
https://notcve.org/view.php?id=CVE-2002-1385
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed. openwebmail_init en Open WebMail 1.81 y anteriores permiten a usuarios locales ejecutar código arbitrario mediante secuencias .. (punto punto) en un nombre de inicio de sesión, como el nombre suministrado en el parámetro sessionid de openwebmail-abook.pl, que es usado para encontrar un fichero de configuración que especifica código adicional para ser ejecutado. • http://marc.info/?l=bugtraq&m=104031696120743&w=2 http://marc.info/?l=bugtraq&m=104032263328026&w=2 http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435 http://www.securityfocus.com/bid/6425 https://exchange.xforce.ibmcloud.com/vulnerabilities/10904 •