Open Webmail

Open Webmail

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-4172

  • EPSS 0.29%
  • Published 07.08.2007 10:17:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl...

4.3

CVE-2006-3233

  • EPSS 0.53%
  • Published 27.06.2006 10:05:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sour...

4.3

CVE-2006-3229

  • EPSS 0.43%
  • Published 27.06.2006 01:05:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly...

6.8

CVE-2006-2190

Exploit
  • EPSS 1.92%
  • Published 04.05.2006 12:38:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) op...

4.3

CVE-2005-2863

  • EPSS 0.34%
  • Published 08.09.2005 23:03:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.

7.5

CVE-2005-1435

  • EPSS 1.32%
  • Published 03.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.

4.3

CVE-2005-0445

  • EPSS 0.53%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.

10

CVE-2004-2284

  • EPSS 4.17%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

5

CVE-2004-2458

  • EPSS 0.35%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.

6.8

CVE-2004-0520

Exploit
  • EPSS 14.93%
  • Published 18.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.