11 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. • http://secunia.com/advisories/18991 http://secunia.com/secunia_research/2006-6/advisory http://securityreason.com/securityalert/504 http://www.osvdb.org/23512 http://www.securityfocus.com/archive/1/426206/100/0/threaded http://www.securityfocus.com/bid/16834 http://www.vupen.com/english/advisories/2006/0751 https://exchange.xforce.ibmcloud.com/vulnerabilities/24945 •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter. • http://secunia.com/advisories/18990 http://securityreason.com/securityalert/487 http://www.nsag.ru/vuln/877.html http://www.vupen.com/english/advisories/2006/0733 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code. • http://secunia.com/advisories/18990 http://www.nsag.ru/vuln/879.html http://www.securityfocus.com/archive/1/425968/100/0/threaded http://www.securityfocus.com/bid/16808 http://www.vupen.com/english/advisories/2006/0733 •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command. • http://secunia.com/advisories/18990 http://www.nsag.ru/vuln/878.html http://www.securityfocus.com/archive/1/425969/100/0/threaded http://www.securityfocus.com/bid/16809 http://www.vupen.com/english/advisories/2006/0733 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. • http://marc.info/?l=bugtraq&m=111419001527077&w=2 http://www.osvdb.org/15822 http://www.securityfocus.com/bid/13323 https://exchange.xforce.ibmcloud.com/vulnerabilities/20228 •