Vulnerabilities for 'Active! mail'

2013-04-04
 
CVE-2013-2302

CWE-200
 

 
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.

 
2010-11-05
 
CVE-2010-3913

CWE-94
 

 
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

 
2009-12-17
 
CVE-2009-4354

CWE-255
 

 
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.

 
 
CVE-2009-4353

CWE-Other
 

 
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.

 

Vendor: Transware, 3 products:
Active mail
Active mail 2003
Active! mail


Copyright 2017, cxsecurity.com