
CVE-2024-11182 – Stored XSS vulnerability in MDaemon Email Server
https://notcve.org/view.php?id=CVE-2024-11182
15 Nov 2024 — An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. • https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1467 – IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1467
05 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php. • https://www.exploit-db.com/exploits/32969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1468 – IceWarp Merak Mail Server 9.4.1 Groupware Component - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-1468
05 May 2009 — Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. • https://www.exploit-db.com/exploits/32968 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-1469 – IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation
https://notcve.org/view.php?id=CVE-2009-1469
05 May 2009 — CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message. • https://www.exploit-db.com/exploits/32986 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-3607 – Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service
https://notcve.org/view.php?id=CVE-2008-3607
12 Aug 2008 — The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands. • https://www.exploit-db.com/exploits/32194 • CWE-20: Improper Input Validation

CVE-2006-2974
https://notcve.org/view.php?id=CVE-2006-2974
12 Jun 2006 — Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. • http://secunia.com/advisories/20516