CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 2CVE-2007-3172
https://notcve.org/view.php?id=CVE-2007-3172
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. Vulnerabilidad de salto de directoro en demo/pop3/error.php en Uebimiau Webmail permite a atacantes remotos determinar la existencia de directorios de su elección a través de un nombre de ruta absoluto y la secuencia .. (punto punto) en el parámetro selected_theme. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html http://osvdb.org/38337 http://www.securityfocus.com/bid/24210 https://exchange.xforce.ibmcloud.com/vulnerabilities/34555 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3305
https://notcve.org/view.php?id=CVE-2006-3305
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en UebiMiau Webmail v2.7.10, y v2.7.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f_user en index.php, (2) pag en messages.php, o (3) lid, (4) tid, y (5) sid en error.php. • http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html http://secunia.com/advisories/20804 http://www.securityfocus.com/bid/18643 http://www.securityfocus.com/bid/22375 http://www.vupen.com/english/advisories/2006/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/27371 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3297
https://notcve.org/view.php?id=CVE-2006-3297
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en error.php en UebiMiau Webmail v2.7.10 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro icq. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://www.vupen.com/english/advisories/2006/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/27371 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0469 – uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0469
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. • https://www.exploit-db.com/exploits/20675 http://secunia.com/advisories/18655 http://securityreason.com/securityalert/387 http://www.securityfocus.com/archive/1/423437/100/0/threaded http://www.securityfocus.com/bid/16413 http://www.uebimiau.org/news.php http://www.vupen.com/english/advisories/2006/0388 https://exchange.xforce.ibmcloud.com/vulnerabilities/24375 •