Vulnerabilites related to basilix - basilix_webmail
cve-2002-1708
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5060 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9384 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html | mailing-list, x_refsource_VULNWATCH | |
| http://online.securityfocus.com/archive/1/277710 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:34:56.204Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "5060", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5060", }, { name: "basilix-webmail-headers-css(9384)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9384", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-06-18T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "5060", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5060", }, { name: "basilix-webmail-headers-css(9384)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9384", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1708", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "5060", refsource: "BID", url: "http://www.securityfocus.com/bid/5060", }, { name: "basilix-webmail-headers-css(9384)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9384", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/277710", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1708", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T03:34:56.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1709
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html | mailing-list, x_refsource_VULNWATCH | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9385 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5061 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/277710 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:34:56.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "basilix-webmail-sql-injection(9385)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9385", }, { name: "5061", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5061", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-06-18T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "basilix-webmail-sql-injection(9385)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9385", }, { name: "5061", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5061", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1709", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "basilix-webmail-sql-injection(9385)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9385", }, { name: "5061", refsource: "BID", url: "http://www.securityfocus.com/bid/5061", }, { name: "20020618 BasiliX multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/277710", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1709", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T03:34:56.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1711
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9387 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/5065 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/277710 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:34:55.818Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "basilix-webmail-view-attachments(9387)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "5065", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5065", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-06-19T00:00:00", descriptions: [ { lang: "en", value: "BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "basilix-webmail-view-attachments(9387)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "5065", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5065", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/277710", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1711", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "basilix-webmail-view-attachments(9387)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "5065", refsource: "BID", url: "http://www.securityfocus.com/bid/5065", }, { name: "20020618 BasiliX multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/277710", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1711", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T03:34:55.818Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1044
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/155897 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/2198 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5934 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:06.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20010112 Basilix Webmail System *.class *.inc Permission Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/155897", }, { name: "2198", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/2198", }, { name: "basilix-webmail-retrieve-files(5934)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5934", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-01-12T00:00:00", descriptions: [ { lang: "en", value: "Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-18T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20010112 Basilix Webmail System *.class *.inc Permission Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/155897", }, { name: "2198", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/2198", }, { name: "basilix-webmail-retrieve-files(5934)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5934", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1044", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20010112 Basilix Webmail System *.class *.inc Permission Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/155897", }, { name: "2198", refsource: "BID", url: "http://www.securityfocus.com/bid/2198", }, { name: "basilix-webmail-retrieve-files(5934)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5934", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1044", datePublished: "2002-02-02T05:00:00", dateReserved: "2002-01-31T00:00:00", dateUpdated: "2024-08-08T04:44:06.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-5167
Vulnerability from cvelistv5
Published
2006-10-04 00:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22231 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29289 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/20287 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/2465 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.vupen.com/english/advisories/2006/3866 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/29403 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T19:41:04.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "22231", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22231", }, { name: "basilix-bsxlibdir-file-include(29289)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289", }, { name: "20287", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20287", }, { name: "2465", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/2465", }, { name: "ADV-2006-3866", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3866", }, { name: "29403", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/29403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-10-01T00:00:00", descriptions: [ { lang: "en", value: "Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-18T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "22231", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22231", }, { name: "basilix-bsxlibdir-file-include(29289)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289", }, { name: "20287", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20287", }, { name: "2465", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/2465", }, { name: "ADV-2006-3866", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3866", }, { name: "29403", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/29403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-5167", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "22231", refsource: "SECUNIA", url: "http://secunia.com/advisories/22231", }, { name: "basilix-bsxlibdir-file-include(29289)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289", }, { name: "20287", refsource: "BID", url: "http://www.securityfocus.com/bid/20287", }, { name: "2465", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/2465", }, { name: "ADV-2006-3866", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/3866", }, { name: "29403", refsource: "OSVDB", url: "http://www.osvdb.org/29403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-5167", datePublished: "2006-10-04T00:00:00", dateReserved: "2006-10-03T00:00:00", dateUpdated: "2024-08-07T19:41:04.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1710
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5062 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9386 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html | mailing-list, x_refsource_VULNWATCH | |
| http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:34:56.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "5062", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5062", }, { name: "basilix-webmail-attach-files(9386)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-06-18T00:00:00", descriptions: [ { lang: "en", value: "The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "5062", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5062", }, { name: "basilix-webmail-attach-files(9386)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1710", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "5062", refsource: "BID", url: "http://www.securityfocus.com/bid/5062", }, { name: "basilix-webmail-attach-files(9386)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386", }, { name: "20020619 [VulnWatch] BasiliX multiple vulnerabilities", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { name: "20020618 BasiliX multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1710", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T03:34:56.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1045
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2995 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6873 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:06.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "2995", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/2995", }, { name: "20010706 basilix bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html", }, { name: "basilix-webmail-view-files(6873)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6873", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-01-12T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-18T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "2995", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/2995", }, { name: "20010706 basilix bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html", }, { name: "basilix-webmail-view-files(6873)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6873", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1045", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "2995", refsource: "BID", url: "http://www.securityfocus.com/bid/2995", }, { name: "20010706 basilix bug", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html", }, { name: "basilix-webmail-view-files(6873)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6873", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1045", datePublished: "2002-02-02T05:00:00", dateReserved: "2002-01-31T00:00:00", dateUpdated: "2024-08-08T04:44:06.982Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2001-07-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/2995 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6873 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2995 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6873 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 1.02_beta | |
| basilix | basilix_webmail | 1.03_beta |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.02_beta:*:*:*:*:*:*:*", matchCriteriaId: "E241BC1A-DAC9-4060-B32B-9E5B7154D169", vulnerable: true, }, { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.03_beta:*:*:*:*:*:*:*", matchCriteriaId: "8C8E1917-6CF0-48F9-9158-991641D67B1F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.", }, ], id: "CVE-2001-1045", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-07-06T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/2995", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/2995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6873", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4B4F9725-BAE3-4D86-9810-4585978DA041", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.", }, ], id: "CVE-2002-1711", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5065", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-01-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/155897 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/2198 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5934 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/155897 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2198 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5934 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 0.9.7_beta |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:0.9.7_beta:*:*:*:*:*:*:*", matchCriteriaId: "477EE6E0-941F-4667-B879-A523B012CE6E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.", }, ], id: "CVE-2001-1044", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-01-11T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/155897", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/2198", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/155897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/2198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5934", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-10-05 04:04
Modified
2024-11-21 00:18
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | * | |
| basilix | basilix_webmail | 0.9.7_beta | |
| basilix | basilix_webmail | 1.1.0 | |
| basilix | basilix_webmail | 1.02_beta | |
| basilix | basilix_webmail | 1.03_beta |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:*:*:*:*:*:*:*:*", matchCriteriaId: "AD6B8F89-207A-4B42-9D9B-BE101F26143E", versionEndIncluding: "1.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:basilix:basilix_webmail:0.9.7_beta:*:*:*:*:*:*:*", matchCriteriaId: "477EE6E0-941F-4667-B879-A523B012CE6E", vulnerable: true, }, { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4B4F9725-BAE3-4D86-9810-4585978DA041", vulnerable: true, }, { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.02_beta:*:*:*:*:*:*:*", matchCriteriaId: "E241BC1A-DAC9-4060-B32B-9E5B7154D169", vulnerable: true, }, { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.03_beta:*:*:*:*:*:*:*", matchCriteriaId: "8C8E1917-6CF0-48F9-9158-991641D67B1F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.", }, { lang: "es", value: "Múltiples vulnerabilidades PHP de inclusión remota de archivo en BasiliX 1.1.1 y anteriores permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el (1) parámetro BSX_LIBDIR en secuencias de comandos en /files/ incluyendo (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, o (u) settings.php3; y el (2) parámetro BSX_HTXDIR en (v) files/login.php3.", }, ], evaluatorSolution: "Successful exploitation requires that \"register_globals\" is enabled.", id: "CVE-2006-5167", lastModified: "2024-11-21T00:18:08.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-10-05T04:04:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://secunia.com/advisories/22231", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/29403", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/20287", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/3866", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/2465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://secunia.com/advisories/22231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/29403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/20287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/2465", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4B4F9725-BAE3-4D86-9810-4585978DA041", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.", }, ], id: "CVE-2002-1709", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5061", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9385", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5061", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9385", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4B4F9725-BAE3-4D86-9810-4585978DA041", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.", }, ], id: "CVE-2002-1710", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5062", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| basilix | basilix_webmail | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:basilix:basilix_webmail:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4B4F9725-BAE3-4D86-9810-4585978DA041", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.", }, ], id: "CVE-2002-1708", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/5060", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/archive/1/277710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/5060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/9384", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }