CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

• https://www.exploit-db.com/exploits/4921
• http://secunia.com/advisories/28521
• http://www.securityfocus.com/bid/27312
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39724
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 7 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.

• https://www.exploit-db.com/exploits/30642
• https://www.exploit-db.com/exploits/30641
• http://marc.info/?l=bugtraq&m=119161078031690&w=2
• http://osvdb.org/37649
• http://osvdb.org/37650
• http://secunia.com/advisories/27073
• http://www.securityfocus.com/bid/25942
• http://www.securitytracker.com/id?1018783
• http://www.vupen.com/english/advisories/2007/3450
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36979
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

• https://www.exploit-db.com/exploits/29851
• http://osvdb.org/34974
• http://secunia.com/advisories/24882
• http://securityreason.com/securityalert/2572
• http://www.majorsecurity.de/index_2.php?major_rls=major_rls44
• http://www.securityfocus.com/archive/1/465611/100/0/threaded
• http://www.securityfocus.com/bid/23481
• http://www.vupen.com/english/advisories/2007/1416
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33645