Vulnerabilities related to open_webmail - open_webmail
cve-2006-3229
Vulnerability from cvelistv5
Published
2006-06-27 01:00
Modified
2024-08-07 18:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openwebmail-read-xss(27309)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
          },
          {
            "name": "20714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20714"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
          },
          {
            "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openwebmail-read-xss(27309)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
        },
        {
          "name": "20714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20714"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
        },
        {
          "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openwebmail-read-xss(27309)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
            },
            {
              "name": "20714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20714"
            },
            {
              "name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236"
            },
            {
              "name": "http://openwebmail.org/openwebmail/doc/changes.txt",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
            },
            {
              "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3229",
    "datePublished": "2006-06-27T01:00:00",
    "dateReserved": "2006-06-26T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2458
Vulnerability from cvelistv5
Published
2005-08-20 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
          },
          {
            "name": "10087",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10087"
          },
          {
            "name": "open-webmail-directory-creation(15822)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
          },
          {
            "name": "11334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
        },
        {
          "name": "10087",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10087"
        },
        {
          "name": "open-webmail-directory-creation(15822)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
        },
        {
          "name": "11334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
            },
            {
              "name": "10087",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10087"
            },
            {
              "name": "open-webmail-directory-creation(15822)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
            },
            {
              "name": "11334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2458",
    "datePublished": "2005-08-20T04:00:00",
    "dateReserved": "2005-08-20T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1435
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
References
http://securitytracker.com/id?1013859 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/15225 (third-party-advisory, x_refsource_SECUNIA)
http://sourceforge.net/forum/message.php?msg_id=3128678 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1013859",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013859"
          },
          {
            "name": "15225",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15225"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:41:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1013859",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013859"
        },
        {
          "name": "15225",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15225"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1013859",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013859"
            },
            {
              "name": "15225",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15225"
            },
            {
              "name": "http://sourceforge.net/forum/message.php?msg_id=3128678",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1435",
    "datePublished": "2005-05-03T04:00:00",
    "dateReserved": "2005-05-03T00:00:00",
    "dateUpdated": "2024-08-07T21:51:50.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0520
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:17:15.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
          },
          {
            "name": "12289",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12289"
          },
          {
            "name": "oval:org.mitre.oval:def:1012",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012"
          },
          {
            "name": "oval:org.mitre.oval:def:10766",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766"
          },
          {
            "name": "GLSA-200406-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml"
          },
          {
            "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
          },
          {
            "name": "FEDORA-2004-160",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/6827"
          },
          {
            "name": "11870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11870"
          },
          {
            "name": "DSA-535",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-535"
          },
          {
            "name": "RHSA-2004:240",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html"
          },
          {
            "name": "FEDORA-2004-1733",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733"
          },
          {
            "name": "10439",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10439"
          },
          {
            "name": "20040604-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
          },
          {
            "name": "CLA-2004:858",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
          },
          {
            "name": "[squirrelmail-cvs] 20040523 [SM-CVS] CVS: squirrelmail/functions mime.php,1.265.2.27,1.265.2.28",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
        },
        {
          "name": "12289",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12289"
        },
        {
          "name": "oval:org.mitre.oval:def:1012",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012"
        },
        {
          "name": "oval:org.mitre.oval:def:10766",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766"
        },
        {
          "name": "GLSA-200406-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml"
        },
        {
          "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
        },
        {
          "name": "FEDORA-2004-160",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/advisories/6827"
        },
        {
          "name": "11870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11870"
        },
        {
          "name": "DSA-535",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-535"
        },
        {
          "name": "RHSA-2004:240",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html"
        },
        {
          "name": "FEDORA-2004-1733",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733"
        },
        {
          "name": "10439",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10439"
        },
        {
          "name": "20040604-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
        },
        {
          "name": "CLA-2004:858",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
        },
        {
          "name": "[squirrelmail-cvs] 20040523 [SM-CVS] CVS: squirrelmail/functions mime.php,1.265.2.27,1.265.2.28",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt",
              "refsource": "MISC",
              "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
            },
            {
              "name": "12289",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12289"
            },
            {
              "name": "oval:org.mitre.oval:def:1012",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012"
            },
            {
              "name": "oval:org.mitre.oval:def:10766",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766"
            },
            {
              "name": "GLSA-200406-08",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml"
            },
            {
              "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
            },
            {
              "name": "FEDORA-2004-160",
              "refsource": "FEDORA",
              "url": "http://www.securityfocus.com/advisories/6827"
            },
            {
              "name": "11870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11870"
            },
            {
              "name": "DSA-535",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-535"
            },
            {
              "name": "RHSA-2004:240",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html"
            },
            {
              "name": "FEDORA-2004-1733",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733"
            },
            {
              "name": "10439",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10439"
            },
            {
              "name": "20040604-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
            },
            {
              "name": "CLA-2004:858",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
            },
            {
              "name": "[squirrelmail-cvs] 20040523 [SM-CVS] CVS: squirrelmail/functions mime.php,1.265.2.27,1.265.2.28",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0520",
    "datePublished": "2004-06-03T04:00:00",
    "dateReserved": "2004-06-02T00:00:00",
    "dateUpdated": "2024-08-08T00:17:15.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4172
Vulnerability from cvelistv5
Published
2007-08-07 10:00
Modified
2024-08-07 14:46
Severity: not scored (the record below contains no CVSS metrics)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
Impacted products
Vendor Product Version
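n/a n/a Version: n/a (the record's structured vendor/product/version fields are unpopulated; the affected versions appear only in the Summary text)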


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
          },
          {
            "name": "25175",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25175"
          },
          {
            "name": "openwebmail-multiple-xss(35754)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
          },
          {
            "name": "2965",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
        },
        {
          "name": "25175",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25175"
        },
        {
          "name": "openwebmail-multiple-xss(35754)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
        },
        {
          "name": "2965",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2965"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html",
              "refsource": "MISC",
              "url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
            },
            {
              "name": "25175",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25175"
            },
            {
              "name": "openwebmail-multiple-xss(35754)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
            },
            {
              "name": "2965",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2965"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4172",
    "datePublished": "2007-08-07T10:00:00",
    "dateReserved": "2007-08-07T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2863
Vulnerability from cvelistv5
Published
2005-09-08 04:00
Modified
2024-08-07 22:53
Severity: not scored (the record below contains no CVSS metrics)
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
References
http://marc.info/?l=bugtraq&m=112603902716918&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/14771 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/16734/ (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
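n/a n/a Version: n/a (the record's structured vendor/product/version fields are unpopulated; the affected version appears only in the Summary text)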


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:28.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050903 I have discovered small xss error in open webmail 2.41",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
          },
          {
            "name": "14771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14771"
          },
          {
            "name": "16734",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16734/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050903 I have discovered small xss error in open webmail 2.41",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
        },
        {
          "name": "14771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14771"
        },
        {
          "name": "16734",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16734/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2863",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050903 I have discovered small xss error in open webmail 2.41",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
            },
            {
              "name": "14771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14771"
            },
            {
              "name": "16734",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16734/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2863",
    "datePublished": "2005-09-08T04:00:00",
    "dateReserved": "2005-09-08T00:00:00",
    "dateUpdated": "2024-08-07T22:53:28.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1385
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity: not scored (the record below contains no CVSS metrics)
Summary
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
Impacted products
Vendor Product Version
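n/a n/a Version: n/a (the record's structured vendor/product/version fields are unpopulated; the affected versions appear only in the Summary text)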


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6425"
          },
          {
            "name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
          },
          {
            "name": "20021218 Openwebmail 1.71 remote root compromise",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
          },
          {
            "name": "open-webmail-command-execution(10904)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for  openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6425"
        },
        {
          "name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
        },
        {
          "name": "20021218 Openwebmail 1.71 remote root compromise",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
        },
        {
          "name": "open-webmail-command-execution(10904)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for  openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6425"
            },
            {
              "name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
            },
            {
              "name": "20021218 Openwebmail 1.71 remote root compromise",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
            },
            {
              "name": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
            },
            {
              "name": "open-webmail-command-execution(10904)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1385",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-12-19T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2190
Vulnerability from cvelistv5
Published
2006-05-04 10:00
Modified
2024-08-07 17:43
Severity: not scored (the record below contains no CVSS metrics)
Summary
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
Impacted products
Vendor Product Version
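n/a n/a Version: n/a (the record's structured vendor/product/version fields are unpopulated; the affected versions appear only in the Summary text)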


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
          },
          {
            "name": "openwebmail-multiple-scripts-xss(26105)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
          },
          {
            "name": "16734",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16734"
          },
          {
            "name": "[owm-announce] 20060502 OpenWebMail version 2.52",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl.  NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
        },
        {
          "name": "openwebmail-multiple-scripts-xss(26105)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
        },
        {
          "name": "16734",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16734"
        },
        {
          "name": "[owm-announce] 20060502 OpenWebMail version 2.52",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl.  NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html",
              "refsource": "MISC",
              "url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
            },
            {
              "name": "openwebmail-multiple-scripts-xss(26105)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
            },
            {
              "name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
            },
            {
              "name": "16734",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16734"
            },
            {
              "name": "[owm-announce] 20060502 OpenWebMail version 2.52",
              "refsource": "MLIST",
              "url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
            },
            {
              "name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2190",
    "datePublished": "2006-05-04T10:00:00",
    "dateReserved": "2006-05-04T00:00:00",
    "dateUpdated": "2024-08-07T17:43:27.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0639
Vulnerability from cvelistv5
Published
2004-07-09 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
          },
          {
            "name": "squirrelmail-from-header-xss(16285)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285"
          },
          {
            "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
          },
          {
            "name": "DSA-535",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-535"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973"
          },
          {
            "name": "CLA-2004:858",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
          },
          {
            "name": "10450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
        },
        {
          "name": "squirrelmail-from-header-xss(16285)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285"
        },
        {
          "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
        },
        {
          "name": "DSA-535",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-535"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973"
        },
        {
          "name": "CLA-2004:858",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
        },
        {
          "name": "10450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt",
              "refsource": "MISC",
              "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
            },
            {
              "name": "squirrelmail-from-header-xss(16285)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285"
            },
            {
              "name": "20040530 RS-2004-1: SquirrelMail \"Content-Type\" XSS vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
            },
            {
              "name": "DSA-535",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-535"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973"
            },
            {
              "name": "CLA-2004:858",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
            },
            {
              "name": "10450",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0639",
    "datePublished": "2004-07-09T04:00:00",
    "dateReserved": "2004-07-08T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-0445
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:13:54.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14253"
          },
          {
            "name": "12547",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12547"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
          },
          {
            "name": "open-webmail-logindomain-xss(19335)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
          },
          {
            "name": "1013172",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "14253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14253"
        },
        {
          "name": "12547",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12547"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
        },
        {
          "name": "open-webmail-logindomain-xss(19335)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
        },
        {
          "name": "1013172",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14253"
            },
            {
              "name": "12547",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12547"
            },
            {
              "name": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch",
              "refsource": "CONFIRM",
              "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
            },
            {
              "name": "open-webmail-logindomain-xss(19335)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
            },
            {
              "name": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt",
              "refsource": "CONFIRM",
              "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
            },
            {
              "name": "1013172",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0445",
    "datePublished": "2005-02-15T05:00:00",
    "dateReserved": "2005-02-15T00:00:00",
    "dateUpdated": "2024-08-07T21:13:54.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2284
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-08 01:22
Severity ?
Summary
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/16549 (vdb-entry, x_refsource_XF)
http://securitytracker.com/id?1010605 (vdb-entry, x_refsource_SECTRACK)
http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/10637 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/12017 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/7474 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:13.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "open-webmail-vacation-program-execution(16549)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
          },
          {
            "name": "1010605",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1010605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
          },
          {
            "name": "10637",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10637"
          },
          {
            "name": "12017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12017"
          },
          {
            "name": "7474",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/7474"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "open-webmail-vacation-program-execution(16549)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
        },
        {
          "name": "1010605",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1010605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
        },
        {
          "name": "10637",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10637"
        },
        {
          "name": "12017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12017"
        },
        {
          "name": "7474",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/7474"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "open-webmail-vacation-program-execution(16549)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
            },
            {
              "name": "1010605",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1010605"
            },
            {
              "name": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
            },
            {
              "name": "10637",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10637"
            },
            {
              "name": "12017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12017"
            },
            {
              "name": "7474",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/7474"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2284",
    "datePublished": "2005-07-19T04:00:00",
    "dateReserved": "2005-07-19T00:00:00",
    "dateUpdated": "2024-08-08T01:22:13.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-2410
Vulnerability from cvelistv5
Published
2007-11-01 17:00
Modified
2024-09-17 03:58
Severity ?
Summary
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:59:12.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "open-webmail-information-disclosure(10684)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10684.php"
          },
          {
            "name": "20021119 Open WebMail 1.71 \"background\" magic info",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
          },
          {
            "name": "6232",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-01T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "open-webmail-information-disclosure(10684)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10684.php"
        },
        {
          "name": "20021119 Open WebMail 1.71 \"background\" magic info",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
        },
        {
          "name": "6232",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "open-webmail-information-disclosure(10684)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10684.php"
            },
            {
              "name": "20021119 Open WebMail 1.71 \"background\" magic info",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
            },
            {
              "name": "6232",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2410",
    "datePublished": "2007-11-01T17:00:00Z",
    "dateReserved": "2007-11-01T00:00:00Z",
    "dateUpdated": "2024-09-17T03:58:38.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3233
Vulnerability from cvelistv5
Published
2006-06-27 10:00
Modified
2024-08-07 18:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openwebmail-read-xss(27309)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
          },
          {
            "name": "20714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20714"
          },
          {
            "name": "ADV-2006-2485",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
          },
          {
            "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
          },
          {
            "name": "18598",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18598"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field.  NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openwebmail-read-xss(27309)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
        },
        {
          "name": "20714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20714"
        },
        {
          "name": "ADV-2006-2485",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
        },
        {
          "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
        },
        {
          "name": "18598",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18598"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field.  NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openwebmail-read-xss(27309)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
            },
            {
              "name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237"
            },
            {
              "name": "20714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20714"
            },
            {
              "name": "ADV-2006-2485",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2485"
            },
            {
              "name": "http://openwebmail.org/openwebmail/doc/changes.txt",
              "refsource": "CONFIRM",
              "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
            },
            {
              "name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
            },
            {
              "name": "18598",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18598"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3233",
    "datePublished": "2006-06-27T10:00:00",
    "dateReserved": "2006-06-26T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

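Vulnerability from fkie_nvd (CVE-2004-2458)
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ? (not rated on this page; the NVD record below gives CVSS v2 base score 5.0, MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N)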
Summary
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
    }
  ],
  "id": "CVE-2004-2458",
  "lastModified": "2024-11-20T23:53:24.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10087"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

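Vulnerability from fkie_nvd (CVE-2006-3229)
Published
2006-06-27 01:05
Modified
2024-11-21 00:13
Severity ? (not rated on this page; the NVD record below gives CVSS v2 base score 4.3, MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N)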
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006 (MM/DD/YYYY, i.e. 12 May 2006), allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
              "versionEndIncluding": "2.52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "693C80B3-C668-4F4F-B8A7-9AD4E56C024F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BEB39A-379D-4E81-AF38-4D798C771DAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Open WebMail (OWM) v2.52, y otras versiones lanzadas con anterioridad al 12/05/2006, permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de los campos (1) A: y (2) Desde: en openwebmail-main.pl, y probablemente (3) otros vectores no especificados relacionados con llamadas \"openwebmailerror que necesitan mostrar HTML.\""
    }
  ],
  "id": "CVE-2006-3229",
  "lastModified": "2024-11-21T00:13:07.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-27T01:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20714"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

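Vulnerability from fkie_nvd (CVE-2006-2190)
Published
2006-05-04 12:38
Modified
2024-11-21 00:10
Severity ? (not rated on this page; the NVD record below gives CVSS v2 base score 6.8, MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P)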
Summary
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C796754-5EF1-4ED9-8FBE-852651FECB07",
              "versionEndIncluding": "2.51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "53783E69-4E5E-4AAD-A280-338E131478C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F32A212-11C1-432A-9ECD-844CD4EC3EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D334D8-D50F-45DA-9267-F2A4722BF4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "162770C7-AF47-437C-A0D7-9F92D86DC951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE131E5-B180-4751-B81B-459CA0207DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl.  NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nOpen WebMail, Open WebMail, 2.52",
  "id": "CVE-2006-2190",
  "lastModified": "2024-11-21T00:10:45.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-05-04T12:38:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16734"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

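Vulnerability from fkie_nvd (CVE-2004-2284)
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ? (not rated on this page; the NVD record below gives CVSS v2 base score 10.0, HIGH, AV:N/AC:L/Au:N/C:C/I:C/A:C)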
Summary
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
    }
  ],
  "id": "CVE-2004-2284",
  "lastModified": "2024-11-20T23:52:57.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1010605"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/7474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10637"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1010605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/7474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Impacted products
Vendor Product Version
open_webmail open_webmail 1.7
open_webmail open_webmail 1.71



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
    }
  ],
  "id": "CVE-2002-2410",
  "lastModified": "2024-11-20T23:43:37.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10684.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10684.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6232"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-07 10:17
Modified
2024-11-21 00:34
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
Impacted products
Vendor Product Version
open_webmail open_webmail *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
              "versionEndIncluding": "2.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Open Webmail (OWM) 2.52 20060831 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) searchtype, (2) longpage y (3) page para (a) openwebmail-main.pl; los par\u00e1metros (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder y (9) message_id para (b) openwebmail-prefs.pl; los par\u00e1metros (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page y (16) sort para (c) openwebmail-send.pl; los par\u00e1metros (17) folder, (18) page y (19) sort para (d) openwebmail-folder.pl; los par\u00e1metros (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail y (26) message_id para (e) openwebmail-webdisk.pl; el par\u00e1metro (27) folder para (f) openwebmail-advsearch.pl; y los par\u00e1metros (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid y (39) listviewmode para (g) openwebmail-abook.pl, diferentes vectores a CVE-2005-2863, CVE-2006-2190, CVE-2006-3229 y CVE-2006-3233."
    }
  ],
  "id": "CVE-2007-4172",
  "lastModified": "2024-11-21T00:34:57.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-07T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25175"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
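Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. Note that the NVD record below is broader than this wording in two ways: its CVSS v2 vector scores authentication as NONE (Au:N) although the description requires an authenticated user, and its CPE range ends at 2.51 inclusive, so version-only matching will also flag 2.51 builds dated 20050430 or later; confirm the build date before treating a 2.51 install as affected.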
Impacted products
Vendor Product Version
open_webmail open_webmail *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C796754-5EF1-4ED9-8FBE-852651FECB07",
              "versionEndIncluding": "2.51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
    }
  ],
  "id": "CVE-2005-1435",
  "lastModified": "2024-11-20T23:57:20.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15225"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013859"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
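Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. The CPE list in the record below is wider than this summary: besides SquirrelMail it names Open WebMail 2.30, 2.31 and 2.32 and SGI ProPack 3.0, and it includes SquirrelMail releases later than 1.2.10 (1.2.11, 1.4 through 1.4.3_rc1, and 1.5_dev), so check the referenced advisories before relying on either the summary or the CPE list to scope affected versions.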



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "49EA7F58-14C6-4860-B276-46C9FCF91B2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script de su elecci\u00f3n mediante (1) la variable $mailer en read_body.php, (2) la variable $senderNames_part en mailbox_display.php, y posiblemente otros vectores, incluyendo (3) la variable $event_title o (4) la variable $event_text."
    }
  ],
  "id": "CVE-2004-0639",
  "lastModified": "2024-11-20T23:49:02.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10450"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-26 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed."
    },
    {
      "lang": "es",
      "value": "openwebmail_init en Open WebMail 1.81 y anteriores permiten a usuarios locales ejecutar c\u00f3digo arbitrario mediante secuencias .. (punto punto) en un nombre de inicio de sesi\u00f3n, como el nombre suministrado en el par\u00e1metro sessionid de openwebmail-abook.pl, que es usado para encontrar un fichero de configuraci\u00f3n que especifica c\u00f3digo adicional para ser ejecutado."
    }
  ],
  "id": "CVE-2002-1385",
  "lastModified": "2024-11-20T23:41:11.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-26T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6425"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-09-08 23:03
Modified
2024-11-21 00:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
Impacted products
Vendor Product Version
open_webmail open_webmail 2.41



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
    }
  ],
  "id": "CVE-2005-2863",
  "lastModified": "2024-11-21T00:00:36.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-09-08T23:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16734/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16734/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14771"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary metric)
Summary
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
References
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc | Patch
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
cve@mitre.org | http://marc.info/?l=bugtraq&m=108611554415078&w=2
cve@mitre.org | http://marc.info/?l=squirrelmail-cvs&m=108532891231712
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2004-240.html | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/11870 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/12289 | Patch, Vendor Advisory
cve@mitre.org | http://www.debian.org/security/2004/dsa-535 | Patch, Vendor Advisory
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml | Vendor Advisory
cve@mitre.org | http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt | Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/advisories/6827 | Patch, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/10439 | Exploit, Patch
cve@mitre.org | https://bugzilla.fedora.us/show_bug.cgi?id=1733 | Patch
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108611554415078&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=squirrelmail-cvs&m=108532891231712
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2004-240.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11870 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12289 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-535 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/advisories/6827 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10439 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.fedora.us/show_bug.cgi?id=1733 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "49EA7F58-14C6-4860-B276-46C9FCF91B2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elecci\u00f3n mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php."
    }
  ],
  "id": "CVE-2004-0520",
  "lastModified": "2024-11-20T23:48:46.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11870"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12289"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/advisories/6827"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/advisories/6827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-06-27 10:05
Modified
2024-11-21 00:13
Severity MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric)
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
              "versionEndIncluding": "2.52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "693C80B3-C668-4F4F-B8A7-9AD4E56C024F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BEB39A-379D-4E81-AF38-4D798C771DAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field.  NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en openwebmail-read.pl en Open WebMail (OWM) v2.52, y otras versiones relacionadas anteriores a 06/18/2006, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo from. NOTA: terceras partes han mencionado los campos \"to\" y \"from\", aunque los an\u00e1lisis CVE muestran que \u00e9stos est\u00e1n asociados con la versi\u00f3n previa, un ejecutable diferente, y una CVE diferente"
    }
  ],
  "id": "CVE-2006-3233",
  "lastModified": "2024-11-21T00:13:08.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-27T10:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20714"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18598"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2485"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwebmail.org/openwebmail/doc/changes.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric)
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "53783E69-4E5E-4AAD-A280-338E131478C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F32A212-11C1-432A-9ECD-844CD4EC3EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D334D8-D50F-45DA-9267-F2A4722BF4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "162770C7-AF47-437C-A0D7-9F92D86DC951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE131E5-B180-4751-B81B-459CA0207DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
    }
  ],
  "id": "CVE-2005-0445",
  "lastModified": "2024-11-20T23:55:08.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14253"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1013172"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/12547"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1013172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/12547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}