CVE-2013-2622 – Uebimiau 2.7.11 Cross Site Scripting / Open Redirection
https://notcve.org/view.php?id=CVE-2013-2622
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en UebiMiau versión 2.7.11 y anteriores, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro "selected_theme" en el archivo error.php. Uebimiau versions 2.7.11 and below suffer from open redirect and cross site scripting vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/87807 https://packetstormsecurity.com/files/123557/Uebimiau-2.7.11-Cross-Site-Scripting-Open-Redirection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5235 – Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5235
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en Uebimiau 2.7.2 hasta la 2.7.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro f_email. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/11906 https://www.exploit-db.com/exploits/30633 http://osvdb.org/39898 http://www.securityfocus.com/bid/25912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-3170 – UebiMiau 2.7.10 - '/demo/pop3/error.php?selected_theme' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3170
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Uebimiau Webmail permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) the PATH_INFO en redirect.php o (2) the selected_theme en demo/pop3/error.php. • https://www.exploit-db.com/exploits/30097 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html http://osvdb.org/37463 http://osvdb.org/37464 http://www.securityfocus.com/bid/24210 https://exchange.xforce.ibmcloud.com/vulnerabilities/34553 •
CVE-2007-3171 – UebiMiau 2.7.10 - '/demo/pop3/error.php' Multiple Full Path Disclosures
https://notcve.org/view.php?id=CVE-2007-3171
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. Uebimiau Webmail permite a atacantes remotos obtener información sensible a través de una respuesta en demo/pop3/error.php con un valor no válido de los parámetros (1) smarty o (2) selected_theme, los cuales revelan la ruta en varios mensajes de error. • https://www.exploit-db.com/exploits/30098 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html http://osvdb.org/38337 http://www.securityfocus.com/bid/24210 https://exchange.xforce.ibmcloud.com/vulnerabilities/34554 •
CVE-2007-3172
https://notcve.org/view.php?id=CVE-2007-3172
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. Vulnerabilidad de salto de directoro en demo/pop3/error.php en Uebimiau Webmail permite a atacantes remotos determinar la existencia de directorios de su elección a través de un nombre de ruta absoluto y la secuencia .. (punto punto) en el parámetro selected_theme. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html http://osvdb.org/38337 http://www.securityfocus.com/bid/24210 https://exchange.xforce.ibmcloud.com/vulnerabilities/34555 •