CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0558 – vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0558
30 Jan 2007 — PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. Vulnerabilidad de inclusión remota de archivo en PHP en modules/mail/main.php del Inter7 vHostAdmin 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro MODULES_DIR. • https://www.exploit-db.com/exploits/3191 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2006-2346
https://notcve.org/view.php?id=CVE-2006-2346
12 May 2006 — vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. • http://secunia.com/advisories/19987 •
CVSS: 9.8EPSS: 4%CPEs: 12EXPL: 0CVE-2006-1141
https://notcve.org/view.php?id=CVE-2006-1141
10 Mar 2006 — Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. • http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2820
https://notcve.org/view.php?id=CVE-2005-2820
07 Sep 2005 — Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". • http://marc.info/?l=bugtraq&m=112607033030475&w=2 •
CVSS: 6.1EPSS: 11%CPEs: 1EXPL: 4CVE-2005-2769 – SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection
https://notcve.org/view.php?id=CVE-2005-2769
02 Sep 2005 — Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. • https://www.exploit-db.com/exploits/26200 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2724
https://notcve.org/view.php?id=CVE-2005-2724
29 Aug 2005 — Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. • http://marc.info/?l=bugtraq&m=112490698219531&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 1CVE-2005-1308 – SqWebMail 3.x/4.0 - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2005-1308
15 Apr 2005 — SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. • https://www.exploit-db.com/exploits/25534 •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2004-2238
https://notcve.org/view.php?id=CVE-2004-2238
31 Dec 2004 — Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability • http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2004-2239
https://notcve.org/view.php?id=CVE-2004-2239
31 Dec 2004 — Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2004-2313
https://notcve.org/view.php?id=CVE-2004-2313
31 Dec 2004 — Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. • http://www.securityfocus.com/archive/1/352317 •