VYPR
Vendor

Basilix

Products
2
CVEs
9
Across products
11
Status
Private

Products

2

Recent CVEs

9
  • CVE-2012-3399Jul 12, 2012
    risk 0.08cvss epss 0.65

    Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

  • CVE-2001-1044Jan 11, 2001
    risk 0.04cvss epss 0.07

    Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

  • CVE-2009-2881Aug 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.

  • CVE-2006-5167Oct 5, 2006
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d)…

  • CVE-2002-1708Dec 31, 2002
    risk 0.03cvss epss 0.04

    Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.

  • CVE-2001-1045Jul 6, 2001
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

  • CVE-2002-1709Dec 31, 2002
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.

  • CVE-2002-1711Dec 31, 2002
    risk 0.00cvss epss 0.00

    BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.

  • CVE-2002-1710Dec 31, 2002
    risk 0.00cvss epss 0.00

    The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.