RSS   Vulnerabilities for 'Postmaster'   RSS

2005-05-18
 
CVE-2005-1653

 

 
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.

 
 
CVE-2005-1652

 

 
message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.

 
 
CVE-2005-1651

 

 
Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter.

 
 
CVE-2005-1650

 

 
The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

 


Copyright 2024, cxsecurity.com

 

Back to Top