Emumail
Products
4- 4 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2334 | 0.03 | — | 0.01 | Dec 31, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page. | |||
| CVE-2004-2385 | 0.03 | — | 0.05 | Dec 31, 2004 | EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu. | |||
| CVE-2002-1526 | 0.03 | — | 0.01 | Apr 2, 2003 | Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. | |||
| CVE-2002-1527 | 0.03 | — | 0.04 | Apr 2, 2003 | emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. | |||
| CVE-2002-0532 | 0.00 | — | 0.00 | Aug 12, 2002 | EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||
| CVE-2002-0531 | 0.00 | — | 0.03 | Aug 12, 2002 | Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. |
- CVE-2004-2334Dec 31, 2004risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
- CVE-2004-2385Dec 31, 2004risk 0.03cvss —epss 0.05
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
- CVE-2002-1526Apr 2, 2003risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
- CVE-2002-1527Apr 2, 2003risk 0.03cvss —epss 0.04
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
- CVE-2002-0532Aug 12, 2002risk 0.00cvss —epss 0.00
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
- CVE-2002-0531Aug 12, 2002risk 0.00cvss —epss 0.03
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.