Sqwebmail
by Double Precision Incorporated
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2769 | 0.03 | — | 0.03 | Sep 2, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by… | |||
| CVE-2005-1308 | 0.03 | — | 0.02 | Apr 15, 2005 | SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. | |||
| CVE-2004-0591 | 0.03 | — | 0.05 | Aug 6, 2004 | Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. | |||
| CVE-2005-2820 | 0.00 | — | 0.02 | Sep 7, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". | |||
| CVE-2005-2724 | 0.00 | — | 0.02 | Aug 30, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. | |||
| CVE-2004-2313 | 0.00 | — | 0.01 | Dec 31, 2004 | Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. | |||
| CVE-2004-0224 | 0.00 | — | 0.03 | Apr 15, 2004 | Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | |||
| CVE-2002-1311 | 0.00 | — | 0.00 | Nov 29, 2002 | Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. |
- CVE-2005-2769Sep 2, 2005risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by…
- CVE-2005-1308Apr 15, 2005risk 0.03cvss —epss 0.02
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
- CVE-2004-0591Aug 6, 2004risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
- CVE-2005-2820Sep 7, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
- CVE-2005-2724Aug 30, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
- CVE-2004-2313Dec 31, 2004risk 0.00cvss —epss 0.01
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
- CVE-2004-0224Apr 15, 2004risk 0.00cvss —epss 0.03
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
- CVE-2002-1311Nov 29, 2002risk 0.00cvss —epss 0.00
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.