VYPR

Atmail

by Atmail

CVEs (25)

  • CVE-2012-1916Mar 27, 2012
    risk 0.00cvss epss 0.03

    @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.

  • CVE-2008-5619Dec 17, 2008
    risk 0.00cvss epss 0.54

    html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the…

  • CVE-2008-3579Aug 10, 2008
    risk 0.00cvss epss 0.02

    Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged…

  • CVE-2008-3395Jul 31, 2008
    risk 0.00cvss epss 0.01

    Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the…

  • CVE-2006-0611Feb 9, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.

Page 2 of 2