Page 2 of 8 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. • http://secunia.com/advisories/14253 http://securitytracker.com/id?1013172 http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch http://www.securityfocus.com/bid/12547 https://exchange.xforce.ibmcloud.com/vulnerabilities/19335 •

CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. • http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt http://secunia.com/advisories/12017 http://securitytracker.com/id?1010605 http://www.osvdb.org/7474 http://www.securityfocus.com/bid/10637 https://exchange.xforce.ibmcloud.com/vulnerabilities/16549 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. • http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch http://secunia.com/advisories/11334 http://www.securityfocus.com/bid/10087 https://exchange.xforce.ibmcloud.com/vulnerabilities/15822 •