RSS   Vulnerabilities for 'Neomail'   RSS

2006-05-02
 
CVE-2006-2138

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.

 
2006-02-15
 
CVE-2006-0711

 

 
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.

 
2006-02-03
 
CVE-2006-0536

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".

 


Copyright 2024, cxsecurity.com

 

Back to Top