CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48974 – Axigen < 10.5.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-48974
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. Vulnerabilidad de cross-site scripting en Axigen WebMail v.10.5.7 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro serverName_input. • https://www.exploit-db.com/exploits/51963 https://github.com/vinnie1717/CVE-2023-48974 https://www.axigen.com/mail-server/download https://www.axigen.com/updates/axigen-10.3.3.61 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 55EXPL: 1CVE-2010-3459
https://notcve.org/view.php?id=CVE-2010-3459
Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la interfaz Ajax Webmail en AXIGEN Mail Server anterior a v7.4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/41430 http://www.axigen.com/press/product-releases/axigen-releases-version-742_74.html http://www.osvdb.org/68026 http://www.securityfocus.com/bid/43230 http://www.vupen.com/english/advisories/2010/2415 https://exchange.xforce.ibmcloud.com/vulnerabilities/61825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 2%CPEs: 56EXPL: 3CVE-2010-3460 – Axigen Webmail 1.0.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-3460
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. Vulnerabilidad de salto de directorio en la interfaz HTTP en AXIGEN Mail Server v7.4.1 para Windows permite a atacantes remotos leer archivos a su elección a través de un %5C (barra invertida codificada) en la URL. • https://www.exploit-db.com/exploits/34622 http://packetstormsecurity.org/1009-exploits/axigen741-traversal.txt http://secunia.com/advisories/41430 http://www.acunetix.com/blog/news/directory-traversal-axigen http://www.axigen.com/press/product-releases/axigen-releases-version-742_74.html http://www.osvdb.org/68027 http://www.securityfocus.com/bid/43230 http://www.vupen.com/english/advisories/2010/2415 https://exchange.xforce.ibmcloud.com/vulnerabilities/61826 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 1CVE-2007-0886 – Axigen 2.0.0b1 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0886
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. Desbordamiento de búfer basado en montón en axigen 1.2.6 hasta 2.0.0b1 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección mediante determinados datos codificados en base64 en el puerto pop3 (110/tcp), lo cual dispara un desbordamiento de entero. • https://www.exploit-db.com/exploits/3289 http://marc.info/?l=full-disclosure&m=117094708423302&w=2 http://osvdb.org/38133 http://secunia.com/advisories/24073 http://www.securityfocus.com/bid/22473 https://exchange.xforce.ibmcloud.com/vulnerabilities/32342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 1CVE-2007-0887 – Axigen 2.0.0b1 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0887
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). axigen 1.2.6 hasta 2.0.0b1 no analiza adecuadamente las credenciales de acceso, lo cual permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y cierre de aplicación) mediante una secuencia en base-64 "*\x00" en el puerto imap (143/tcp). • https://www.exploit-db.com/exploits/3290 http://marc.info/?l=full-disclosure&m=117094708423302&w=2 http://osvdb.org/33165 http://secunia.com/advisories/24073 http://www.securityfocus.com/bid/22473 https://exchange.xforce.ibmcloud.com/vulnerabilities/32345 • CWE-476: NULL Pointer Dereference •