CVE-2007-3170 – UebiMiau 2.7.10 - '/demo/pop3/error.php?selected_theme' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3170
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Uebimiau Webmail permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) the PATH_INFO en redirect.php o (2) the selected_theme en demo/pop3/error.php. • https://www.exploit-db.com/exploits/30097 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html http://osvdb.org/37463 http://osvdb.org/37464 http://www.securityfocus.com/bid/24210 https://exchange.xforce.ibmcloud.com/vulnerabilities/34553 •
CVE-2006-3305
https://notcve.org/view.php?id=CVE-2006-3305
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en UebiMiau Webmail v2.7.10, y v2.7.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f_user en index.php, (2) pag en messages.php, o (3) lid, (4) tid, y (5) sid en error.php. • http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html http://secunia.com/advisories/20804 http://www.securityfocus.com/bid/18643 http://www.securityfocus.com/bid/22375 http://www.vupen.com/english/advisories/2006/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/27371 •
CVE-2006-3297
https://notcve.org/view.php?id=CVE-2006-3297
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en error.php en UebiMiau Webmail v2.7.10 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro icq. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://www.vupen.com/english/advisories/2006/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/27371 •
CVE-2006-0469 – uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0469
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. • https://www.exploit-db.com/exploits/20675 http://secunia.com/advisories/18655 http://securityreason.com/securityalert/387 http://www.securityfocus.com/archive/1/423437/100/0/threaded http://www.securityfocus.com/bid/16413 http://www.uebimiau.org/news.php http://www.vupen.com/english/advisories/2006/0388 https://exchange.xforce.ibmcloud.com/vulnerabilities/24375 •