Imp
Products
2- 6 CVEs
- 3 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48974 | 0.04 | — | 0.03 | Feb 8, 2024 | Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||
| CVE-2002-1527 | 0.04 | — | 0.07 | Apr 2, 2003 | emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. | |||
| CVE-2007-2826 | 0.03 | — | 0.03 | May 22, 2007 | PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. | |||
| CVE-2002-1708 | 0.03 | — | 0.04 | Dec 31, 2002 | Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | |||
| CVE-2001-0857 | 0.03 | — | 0.03 | Dec 6, 2001 | Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. | |||
| CVE-2003-0025 | 0.02 | — | 0.24 | Jan 17, 2003 | Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | |||
| CVE-2002-0531 | 0.00 | — | 0.04 | Aug 12, 2002 | Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. | |||
| CVE-2000-0458 | 0.00 | — | 0.00 | Apr 22, 2000 | The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. | |||
| CVE-2000-0459 | 0.00 | — | 0.01 | Apr 22, 2000 | IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. |
- CVE-2023-48974Feb 8, 2024risk 0.04cvss —epss 0.03
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
- CVE-2002-1527Apr 2, 2003risk 0.04cvss —epss 0.07
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
- CVE-2007-2826May 22, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
- CVE-2002-1708Dec 31, 2002risk 0.03cvss —epss 0.04
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
- CVE-2001-0857Dec 6, 2001risk 0.03cvss —epss 0.03
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
- CVE-2003-0025Jan 17, 2003risk 0.02cvss —epss 0.24
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
- CVE-2002-0531Aug 12, 2002risk 0.00cvss —epss 0.04
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
- CVE-2000-0458Apr 22, 2000risk 0.00cvss —epss 0.00
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
- CVE-2000-0459Apr 22, 2000risk 0.00cvss —epss 0.01
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.