
Files

Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
Posted May 17, 2019
Authored by Numan OZDEMIR

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, csrf
advisories | CVE-2019-12094, CVE-2019-12095
SHA-256 | f0b687fb3216938177a63fc81ec64bebd639bf70d529cb1674744db3e33e6e03

Related Files

iDEFENSE Security Advisory 2007-07-11.6
Posted Jul 12, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.11.07 - Remote exploitation of a local file inclusion vulnerability in gpg_help.php in version 2.0 of the SquirrelMail G/PGP Plugin could allow an authenticated webmail user to execute arbitrary PHP code under the security context of the running web server. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.

tags | advisory, remote, web, arbitrary, local, php, file inclusion
advisories | CVE-2006-4169
SHA-256 | aa231abe3475356daf40107f026dcfd4b8a5dfd5f6082511bfec68f93d1a9a79
iDEFENSE Security Advisory 2007-07-11.5
Posted Jul 12, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_recv_key() function is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.

tags | advisory, remote, web, arbitrary
advisories | CVE-2005-1924
SHA-256 | 623fb7212497064369a3382096eb045adef0b7054957761e87ecbb918b982ef4
iDEFENSE Security Advisory 2007-07-11.4
Posted Jul 12, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_check_sign_pgp_mime() function is affected. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.

tags | advisory, remote, web, arbitrary
SHA-256 | 97a634db058299435700a7f1c91d89f48dab33b0e02efe0b54a1768f07a22eb2
iDEFENSE Security Advisory 2007-07-11.3
Posted Jul 12, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The deleteKey() functionality is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.

tags | advisory, remote, web, arbitrary
advisories | CVE-2005-1924
SHA-256 | 43d1374bb1007f95f5034258701359c58204a59a8e93b7fd871ca1983f6a250c
madirish-rfi.txt
Posted Jun 7, 2007
Authored by BoZKuRTSeRDaR | Site turkmilliyetcileri.org

Madirish Webmail version 2.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | f74181ebd7f79da849299ffbde20518867743f25fec9eea99e1dfd67343011c8
Debian Linux Security Advisory 1290-1
Posted May 15, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1290-1 - It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2007-1262
SHA-256 | be082b77c7a63122764d74206a6f9145da3669a0fa16d4defe10da27fa295b3f
Secunia Security Advisory 24882
Posted Apr 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in MailBee WebMail Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 9d2fba4ff6b421d455310f33dc0e505ca72185e6abc94f82cd86a03c0f3e664a
major_rls44.txt
Posted Apr 17, 2007
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

MailBee WebMail Pro version 3.4 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | e0bfe7a7fab1b7303ad97ea5d5c2068c3c936e66d19e005b5725f598ba102f80
cmail534-xss.txt
Posted Apr 8, 2007
Authored by ajann

CmailServer WebMail versions 5.3.4 and below remote cross site scripting exploit.

tags | exploit, remote, xss
SHA-256 | 90aec9df4adaab84df2aa9eb1a8e3087a7a25f22b7653f61b935f301139f2090
lotus.sh.txt
Posted Feb 14, 2007
Authored by Marco Ivaldi

Lotus Domino versions R6 and below Webmail remote password hash dumper exploit.

tags | exploit, remote
SHA-256 | ad22d459010ddc2813609f50832c4ec30e103ff1c2e8748027b6e972b7278f8f
Netragard Security Advisory 2006-12-18
Posted Jan 27, 2007
Authored by Netragard | Site netragard.com

Netragard, L.L.C Advisory - It is possible to take control of an @Mail webmail email account by exploiting a Cross Site Request Forgery (XSRF) vulnerability in the @Mail webmail product. An attacker can send a specially crafted email to any @Mail webmail user with a forged "img" tag. This forged tag, if crafted properly, will inject new settings into the @Mail webmail user's account. Version 4.51 is susceptible.

tags | advisory, csrf
SHA-256 | b627e59c9804ad47e3a14c93ce12874b3658b67c476646c57f75d4949ef620ce
Debian Linux Security Advisory 1241-1
Posted Dec 28, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1241-1 - In Squirrelmail, Martijn Brinkers discovered cross site scripting vulnerabilities in the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.

tags | advisory, php, javascript, vulnerability, xss
systems | linux, debian
advisories | CVE-2006-6142
SHA-256 | 3d4e4f9763c1933aa3c82f443c2430f8e41dbad4eee200ae89497e2ebf6d44bb
Mandriva Linux Security Advisory 2006.226
Posted Dec 12, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple cross site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and unspecified vectors involving "a shortcoming in the magicHTML filter."

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2006-6142
SHA-256 | f780fe058ce85352014c4edd201ec80a122360a88b9dab812c245504a3efbfc4
ISAA-2006-011.txt
Posted Dec 6, 2006
Authored by Vicente Aguilera Diaz

Hastymail improperly validates the commands and information it transmits to the mail servers during normal use of the application. As a result, an authenticated malicious user could inject arbitrary IMAP/SMTP commands into the mail servers used by Hastymail through parameters that the webmail front-end uses in its communication with these mail servers. This vulnerability has been found in development version 1.5 and stable version 1.0.2.

tags | exploit, arbitrary, imap
SHA-256 | a3e1f1a44710237610d3100801340ec499b4ad76630080fc5ed1b6ef649d4782
roundcube-XSS.txt
Posted Nov 14, 2006
Authored by RSnake | Site ha.ckers.org

Roundcube webmail appears to have a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 777fc2da5faaae60f518d3791b40609b950f3c149356b76cdc5a1792d53ed4d9
SYMSA-2006-010.txt
Posted Oct 20, 2006
Authored by Derek Callaway | Site symantec.com

Symantec Vulnerability Research SYMSA-2006-010: The web server under IronWebMail employs a simple macro language for evaluating pathname references. A loss of confidentiality occurs as a result of faulty pathname evaluation, causing unauthenticated access violation.

tags | advisory, web
SHA-256 | 70d347b30c2f24ca5298b306b53bddf54e9c34e14f16894f24b825724792f064
Secunia Security Advisory 22403
Posted Oct 16, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kw3rLn has reported a vulnerability in NuralStorm Webmail, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 774bd99a3b6e7880000ab7fb11c60a589fc96966106d753ae004d79d812a6e90
NeonWebMail.txt
Posted Oct 2, 2006
Site vuln.sg

7 vulnerabilities have been found in Neon WebMail for Java. When exploited, these vulnerabilities allow execution of arbitrary JSP code, escalation of a user's privileges, manipulation of users' emails and user account information, disclosure of files on the server, and potentially a DoS via heavy CPU utilization by the MySQL server.

tags | advisory, java, arbitrary, vulnerability
SHA-256 | 1ac3a24def980205e93b5bcbe227fa92f6bb8e0f9c1647d320df1e93dd18e582
Secunia Security Advisory 22029
Posted Sep 21, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tan Chew Keong has reported some vulnerabilities in Neon WebMail for Java, which can be exploited by malicious users to manipulate and disclose sensitive information, and conduct script insertion and SQL injection attacks, and by malicious people to compromise a vulnerable system.

tags | advisory, java, vulnerability, sql injection
SHA-256 | 70515919a106ffda21c89d6ab86bc6ed4d614a172ddb7a63568106ebdb47e165
Secunia Security Advisory 20714
Posted Jun 25, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Open WebMail, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | c7f94cd74907cef1790a35411c292332779786a0c168ebd272f7349e32bfdcbc
V-Webmail1.6.4.txt
Posted May 29, 2006
Authored by beford

V-Webmail 1.6.4 suffers from a remote file inclusion vulnerability.

tags | advisory, remote, file inclusion
SHA-256 | 2fe933d5ce79a0383b793f795ba79493400b6b896764106686f0ede16723855c
Secunia Security Advisory 20297
Posted May 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - beford has discovered a vulnerability in V-webmail, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 3c9cfbf4abd4b99b87e728e218e119d9e8218a9926b0cbe926f8e24195f6e656
Gentoo Linux Security Advisory 200603-9
Posted Mar 13, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200603-09 - SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting. Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting. Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection. Versions less than 1.4.6 are affected.

tags | advisory, php, imap, xss
systems | linux, gentoo
advisories | CVE-2006-0188, CVE-2006-0195, CVE-2006-0377
SHA-256 | effed19ca1e9f98b10b94fcf1e8a084c0d7eba2068bed2c586d1832ff2907aa7
Debian Linux Security Advisory 988-1
Posted Mar 9, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 988-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | e5ff871fa8d86d411ef7175c10b9746eedae28f1dd6702cddc0d546beb38c963
Secunia Security Advisory 19036
Posted Mar 1, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has reported a vulnerability in iGENUS Webmail, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 57fa6ed74582b141751c41bef453067e6524416529c6328c657b4c68664975d6
© 2024 Packet Storm. All rights reserved.