VYPR

Webmail

by Imp

CVEs (6)

  • CVE-2023-48974Feb 8, 2024
    risk 0.04cvss epss 0.03

    Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.

  • CVE-2002-1527Apr 2, 2003
    risk 0.04cvss epss 0.07

    emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.

  • CVE-2007-2826May 22, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.

  • CVE-2002-1708Dec 31, 2002
    risk 0.03cvss epss 0.04

    Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.

  • CVE-2001-0857Dec 6, 2001
    risk 0.03cvss epss 0.03

    Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

  • CVE-2002-0531Aug 12, 2002
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.