RSS   Vulnerabilities for 'Sqwebmail'   RSS

2005-09-07
 
CVE-2005-2820

 
 
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".

 
2005-09-02
 
CVE-2005-2769

 
 
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.

 
2005-08-30
 
CVE-2005-2724

 
 
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.

 
2005-04-15
 
CVE-2005-1308

 
 
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

 
2004-12-31
 
CVE-2004-2313

 
 
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.

 
2004-08-06
 
CVE-2004-0591

 
 
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

 

 >>> Vendor: Inter7 7 Products
Vpopmail
Vpopmail vchkpw
Qmailadmin
Courier-imap
Sqwebmail
Vpopmail (vchkpw)
Vhostadmin

Copyright 2024, cxsecurity.com

 

Back to Top