
CVE-2009-0413
https://notcve.org/view.php?id=CVE-2009-0413
03 Feb 2009 — Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. • http://secunia.com/advisories/33622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-5619 – Roundcube Webmail 0.2-3 Beta - Code Execution
https://notcve.org/view.php?id=CVE-2008-5619
17 Dec 2008 — html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. • https://www.exploit-db.com/exploits/7549 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-5620
https://notcve.org/view.php?id=CVE-2008-5620
17 Dec 2008 — RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. • http://sourceforge.net/forum/forum.php?forum_id=898542 • CWE-399: Resource Management Errors

CVE-2008-1055 – Surgemail and WebMail 3.0 - 'Page' Remote Format String
https://notcve.org/view.php?id=CVE-2008-1055
27 Feb 2008 — Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. • https://www.exploit-db.com/exploits/31300 • CWE-134: Use of Externally-Controlled Format String

CVE-2008-0210 – Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-0210
10 Jan 2008 — Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. • https://www.exploit-db.com/exploits/4846 • CWE-287: Improper Authentication

CVE-2008-0140 – Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-0140
08 Jan 2008 — Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. • https://www.exploit-db.com/exploits/4846 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2007-6321 – Roundcube Webmail 0.1 - CSS Expression Input Validation
https://notcve.org/view.php?id=CVE-2007-6321
12 Dec 2007 — Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. • https://www.exploit-db.com/exploits/30877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-2745
https://notcve.org/view.php?id=CVE-2007-2745
17 May 2007 — Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. • http://osvdb.org/37922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-2655
https://notcve.org/view.php?id=CVE-2007-2655
14 May 2007 — Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. • http://osvdb.org/35891 • CWE-134: Use of Externally-Controlled Format String

CVE-2005-1819
https://notcve.org/view.php?id=CVE-2005-1819
01 Jun 2005 — Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15518