CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2724
https://notcve.org/view.php?id=CVE-2005-2724
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. • http://marc.info/?l=bugtraq&m=112490698219531&w=2 http://marc.info/?l=courier-users&m=112488135424849&w=2 http://secunia.com/advisories/16539 http://secunia.com/advisories/17156 http://secunia.com/secunia_research/2005-35/advisory http://www.debian.org/security/2005/dsa-793 http://www.securityfocus.com/bid/14650 http://www.ubuntu.com/usn/usn-201-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/21997 •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 1CVE-2005-1308 – SqWebMail 3.x/4.0 - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2005-1308
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. • https://www.exploit-db.com/exploits/25534 http://secunia.com/advisories/15119 http://www.securityfocus.com/bid/13374 •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2004-2313
https://notcve.org/view.php?id=CVE-2004-2313
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. • http://www.securityfocus.com/archive/1/352317 http://www.securityfocus.com/bid/9541 https://exchange.xforce.ibmcloud.com/vulnerabilities/15058 •
CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2004-0224
https://notcve.org/view.php?id=CVE-2004-0224
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Múltiples desobordamientos de búfer en (1) iso2022jp.c o (2) shiftjis.c de Courier-IMAP anteriores a 3.0.0, Courier anteriores a 0.45, y SQWebMail anteriores a 4.0.0 pueden permitir a atacantes remotos ejecutar código arbitrario "cuando el carácter Unicode está fuera de rango BMP". • http://secunia.com/advisories/11087 http://sourceforge.net/project/shownotes.php?release_id=5767 http://www.securityfocus.com/bid/9845 https://exchange.xforce.ibmcloud.com/vulnerabilities/15434 •