Search criteria
39 vulnerabilities found for open_webmail by open_webmail
CVE-2002-2410 (GCVE-0-2002-2410)
Vulnerability from cvelistv5 – Published: 2007-11-01 17:00 – Updated: 2024-09-17 03:58
VLAI?
Summary
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:12.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "open-webmail-information-disclosure(10684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "open-webmail-information-disclosure(10684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "open-webmail-information-disclosure(10684)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2410",
"datePublished": "2007-11-01T17:00:00Z",
"dateReserved": "2007-11-01T00:00:00Z",
"dateUpdated": "2024-09-17T03:58:38.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4172 (GCVE-0-2007-4172)
Vulnerability from cvelistv5 – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4172",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-08-07T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3233 (GCVE-0-2006-3233)
Vulnerability from cvelistv5 – Published: 2006-06-27 10:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openwebmail-read-xss(27309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237"
},
{
"name": "20714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"name": "http://openwebmail.org/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3233",
"datePublished": "2006-06-27T10:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3229 (GCVE-0-2006-3229)
Vulnerability from cvelistv5 – Published: 2006-06-27 01:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20714"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20714"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openwebmail-read-xss(27309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20714"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236"
},
{
"name": "http://openwebmail.org/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3229",
"datePublished": "2006-06-27T01:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2190 (GCVE-0-2006-2190)
Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:27.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"refsource": "MLIST",
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2190",
"datePublished": "2006-05-04T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:27.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2863 (GCVE-0-2005-2863)
Vulnerability from cvelistv5 – Published: 2005-09-08 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:28.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16734/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16734/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16734/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2863",
"datePublished": "2005-09-08T04:00:00",
"dateReserved": "2005-09-08T00:00:00",
"dateUpdated": "2024-08-07T22:53:28.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2458 (GCVE-0-2004-2458)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2458",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-08-20T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2284 (GCVE-0-2004-2284)
Vulnerability from cvelistv5 – Published: 2005-07-19 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7474"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010605"
},
{
"name": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7474"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2284",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1435 (GCVE-0-2005-1435)
Vulnerability from cvelistv5 – Published: 2005-05-03 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:41:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013859",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15225"
},
{
"name": "http://sourceforge.net/forum/message.php?msg_id=3128678",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1435",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0445 (GCVE-0-2005-0445)
Vulnerability from cvelistv5 – Published: 2005-02-15 05:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12547"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12547"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12547"
},
{
"name": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch",
"refsource": "CONFIRM",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"name": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0445",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-15T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1385 (GCVE-0-2002-1385)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6425"
},
{
"name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
},
{
"name": "20021218 Openwebmail 1.71 remote root compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
},
{
"name": "open-webmail-command-execution(10904)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6425"
},
{
"name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
},
{
"name": "20021218 Openwebmail 1.71 remote root compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
},
{
"name": "open-webmail-command-execution(10904)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6425"
},
{
"name": "20021219 [Fix] Openwebmail 1.71 remote root compromise",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104032263328026\u0026w=2"
},
{
"name": "20021218 Openwebmail 1.71 remote root compromise",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104031696120743\u0026w=2"
},
{
"name": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?thread_id=782605\u0026forum_id=108435"
},
{
"name": "open-webmail-command-execution(10904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1385",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-12-19T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2410 (GCVE-0-2002-2410)
Vulnerability from nvd – Published: 2007-11-01 17:00 – Updated: 2024-09-17 03:58
VLAI?
Summary
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:12.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "open-webmail-information-disclosure(10684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "open-webmail-information-disclosure(10684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "open-webmail-information-disclosure(10684)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2410",
"datePublished": "2007-11-01T17:00:00Z",
"dateReserved": "2007-11-01T00:00:00Z",
"dateUpdated": "2024-09-17T03:58:38.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4172 (GCVE-0-2007-4172)
Vulnerability from nvd – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"name": "25175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25175"
},
{
"name": "openwebmail-multiple-xss(35754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"name": "2965",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4172",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-08-07T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3233 (GCVE-0-2006-3233)
Vulnerability from nvd – Published: 2006-06-27 10:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openwebmail-read-xss(27309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237"
},
{
"name": "20714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20714"
},
{
"name": "ADV-2006-2485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"name": "http://openwebmail.org/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"name": "18598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3233",
"datePublished": "2006-06-27T10:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3229 (GCVE-0-2006-3229)
Vulnerability from nvd – Published: 2006-06-27 01:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20714"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openwebmail-read-xss(27309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20714"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openwebmail-read-xss(27309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"name": "20714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20714"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236"
},
{
"name": "http://openwebmail.org/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"name": "20060626 Openwebmail: 2 XSS vulns not one, and some version hints",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3229",
"datePublished": "2006-06-27T01:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2190 (GCVE-0-2006-2190)
Vulnerability from nvd – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:27.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"name": "openwebmail-multiple-scripts-xss(26105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"name": "16734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16734"
},
{
"name": "[owm-announce] 20060502 OpenWebMail version 2.52",
"refsource": "MLIST",
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"name": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233",
"refsource": "CONFIRM",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2190",
"datePublished": "2006-05-04T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:27.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2863 (GCVE-0-2005-2863)
Vulnerability from nvd – Published: 2005-09-08 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:28.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16734/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16734/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050903 I have discovered small xss error in open webmail 2.41",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"name": "14771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14771"
},
{
"name": "16734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16734/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2863",
"datePublished": "2005-09-08T04:00:00",
"dateReserved": "2005-09-08T00:00:00",
"dateUpdated": "2024-08-07T22:53:28.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2458 (GCVE-0-2004-2458)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2458",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-08-20T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2284 (GCVE-0-2004-2284)
Vulnerability from nvd – Published: 2005-07-19 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7474"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "open-webmail-vacation-program-execution(16549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"name": "1010605",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010605"
},
{
"name": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7474"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2284",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1435 (GCVE-0-2005-1435)
Vulnerability from nvd – Published: 2005-05-03 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:41:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013859",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013859"
},
{
"name": "15225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15225"
},
{
"name": "http://sourceforge.net/forum/message.php?msg_id=3128678",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1435",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0445 (GCVE-0-2005-0445)
Vulnerability from nvd – Published: 2005-02-15 05:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12547"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12547"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14253"
},
{
"name": "12547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12547"
},
{
"name": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch",
"refsource": "CONFIRM",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"name": "open-webmail-logindomain-xss(19335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"name": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt",
"refsource": "CONFIRM",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"name": "1013172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0445",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-15T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-4172
Vulnerability from fkie_nvd - Published: 2007-08-07 10:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
"versionEndIncluding": "2.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Open Webmail (OWM) 2.52 20060831 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) searchtype, (2) longpage y (3) page para (a) openwebmail-main.pl; los par\u00e1metros (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder y (9) message_id para (b) openwebmail-prefs.pl; los par\u00e1metros (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page y (16) sort para (c) openwebmail-send.pl; los par\u00e1metros (17) folder, (18) page y (19) sort para (d) openwebmail-folder.pl; los par\u00e1metros (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail y (26) message_id parameters para (e) openwebmail-webdisk.pl; el par\u00e1metro (27) folder para (f) openwebmail-advsearch.pl; y los par\u00e1metros (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid y (39) listviewmode para (g) openwebmail-abook.pl, diferentes vectores a CVE-2005-2863, CVE-2006-2190, CVE-2006-3229 y CVE-2006-3233."
}
],
"id": "CVE-2007-4172",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-07T10:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2965"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25175"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35754"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3233
Vulnerability from fkie_nvd - Published: 2006-06-27 10:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | * | |
| open_webmail | open_webmail | 1.7 | |
| open_webmail | open_webmail | 1.8 | |
| open_webmail | open_webmail | 1.71 | |
| open_webmail | open_webmail | 1.81 | |
| open_webmail | open_webmail | 1.90 | |
| open_webmail | open_webmail | 2.5 | |
| open_webmail | open_webmail | 2.20 | |
| open_webmail | open_webmail | 2.21 | |
| open_webmail | open_webmail | 2.30 | |
| open_webmail | open_webmail | 2.31 | |
| open_webmail | open_webmail | 2.32 | |
| open_webmail | open_webmail | 2.41 | |
| open_webmail | open_webmail | 2.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
"versionEndIncluding": "2.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "693C80B3-C668-4F4F-B8A7-9AD4E56C024F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BEB39A-379D-4E81-AF38-4D798C771DAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the \"to\" and \"from\" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en openwebmail-read.pl en Open WebMail (OWM) v2.52, y otras versiones relacionadas anteriores a 06/18/2006, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo from. NOTA: terceras partes han mencionado los campos \"to\" y \"from\", aunque los an\u00e1lisis CVE muestran que \u00e9stos est\u00e1n asociados con la versi\u00f3n previa, un ejecutable diferente, y una CVE diferente"
}
],
"id": "CVE-2006-3233",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-27T10:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"source": "cve@mitre.org",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20714"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18598"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3229
Vulnerability from fkie_nvd - Published: 2006-06-27 01:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | * | |
| open_webmail | open_webmail | 1.7 | |
| open_webmail | open_webmail | 1.8 | |
| open_webmail | open_webmail | 1.71 | |
| open_webmail | open_webmail | 1.81 | |
| open_webmail | open_webmail | 1.90 | |
| open_webmail | open_webmail | 2.5 | |
| open_webmail | open_webmail | 2.20 | |
| open_webmail | open_webmail | 2.21 | |
| open_webmail | open_webmail | 2.30 | |
| open_webmail | open_webmail | 2.31 | |
| open_webmail | open_webmail | 2.32 | |
| open_webmail | open_webmail | 2.41 | |
| open_webmail | open_webmail | 2.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
"versionEndIncluding": "2.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "693C80B3-C668-4F4F-B8A7-9AD4E56C024F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BEB39A-379D-4E81-AF38-4D798C771DAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Open WebMail (OWM) v2.52, otras versiones lanzadas con anteriorioridad a 12/05/2006, permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de los campos (1)A: y (2) Desde: en openwebmail-main.pl, y probablemente (3) otros vectores no especificados relacionados con llamadas \"openwebmailerror que necesitan mostrar HTML.\""
}
],
"id": "CVE-2006-3229",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-27T01:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"source": "cve@mitre.org",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20714"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.org/openwebmail/doc/changes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.attrition.org/pipermail/vim/2006-June/000902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2190
Vulnerability from fkie_nvd - Published: 2006-05-04 12:38 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | * | |
| open_webmail | open_webmail | 1.7 | |
| open_webmail | open_webmail | 1.8 | |
| open_webmail | open_webmail | 1.71 | |
| open_webmail | open_webmail | 1.81 | |
| open_webmail | open_webmail | 1.90 | |
| open_webmail | open_webmail | 2.00 | |
| open_webmail | open_webmail | 2.01 | |
| open_webmail | open_webmail | 2.10 | |
| open_webmail | open_webmail | 2.20 | |
| open_webmail | open_webmail | 2.21 | |
| open_webmail | open_webmail | 2.30 | |
| open_webmail | open_webmail | 2.31 | |
| open_webmail | open_webmail | 2.32 | |
| open_webmail | open_webmail | 2.40 | |
| open_webmail | open_webmail | 2.41 | |
| open_webmail | open_webmail | 2.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C796754-5EF1-4ED9-8FBE-852651FECB07",
"versionEndIncluding": "2.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "53783E69-4E5E-4AAD-A280-338E131478C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6F32A212-11C1-432A-9ECD-844CD4EC3EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30D334D8-D50F-45DA-9267-F2A4722BF4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "162770C7-AF47-437C-A0D7-9F92D86DC951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE131E5-B180-4751-B81B-459CA0207DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nOpen WebMail, Open WebMail, 2.52",
"id": "CVE-2006-2190",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-05-04T12:38:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
},
{
"source": "cve@mitre.org",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"source": "cve@mitre.org",
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16734"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233\u0026limit=33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2863
Vulnerability from fkie_nvd - Published: 2005-09-08 23:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | 2.41 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter."
}
],
"id": "CVE-2005-2863",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-08T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16734/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112603902716918\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16734/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14771"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-1435
Vulnerability from fkie_nvd - Published: 2005-05-03 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C796754-5EF1-4ED9-8FBE-852651FECB07",
"versionEndIncluding": "2.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
],
"id": "CVE-2005-1435",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15225"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/forum/message.php?msg_id=3128678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0445
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | 2.00 | |
| open_webmail | open_webmail | 2.01 | |
| open_webmail | open_webmail | 2.10 | |
| open_webmail | open_webmail | 2.20 | |
| open_webmail | open_webmail | 2.21 | |
| open_webmail | open_webmail | 2.30 | |
| open_webmail | open_webmail | 2.32 | |
| open_webmail | open_webmail | 2.40 | |
| open_webmail | open_webmail | 2.41 | |
| open_webmail | open_webmail | 2.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "53783E69-4E5E-4AAD-A280-338E131478C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6F32A212-11C1-432A-9ECD-844CD4EC3EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30D334D8-D50F-45DA-9267-F2A4722BF4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "162770C7-AF47-437C-A0D7-9F92D86DC951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE131E5-B180-4751-B81B-459CA0207DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page."
}
],
"id": "CVE-2005-0445",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14253"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013172"
},
{
"source": "cve@mitre.org",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"source": "cve@mitre.org",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12547"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2284
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | 1.7 | |
| open_webmail | open_webmail | 1.8 | |
| open_webmail | open_webmail | 1.71 | |
| open_webmail | open_webmail | 1.81 | |
| open_webmail | open_webmail | 1.90 | |
| open_webmail | open_webmail | 2.20 | |
| open_webmail | open_webmail | 2.21 | |
| open_webmail | open_webmail | 2.30 | |
| open_webmail | open_webmail | 2.31 | |
| open_webmail | open_webmail | 2.32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
],
"id": "CVE-2004-2284",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12017"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/7474"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1010605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/7474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2458
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open_webmail | open_webmail | 1.7 | |
| open_webmail | open_webmail | 1.8 | |
| open_webmail | open_webmail | 1.71 | |
| open_webmail | open_webmail | 1.81 | |
| open_webmail | open_webmail | 1.90 | |
| open_webmail | open_webmail | 2.30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
],
"id": "CVE-2004-2458",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11334"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}