Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-29 | CVE-2005-0104 | Unspecified vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. network squirrelmail | 4.3 |
2005-01-29 | CVE-2005-0075 | Unspecified vulnerability in Squirrelmail prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | 5.0 |
2005-01-28 | CVE-2005-0320 | Remote vulnerability in Icewarp web Mail 5.3 Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. | 5.0 |
2005-01-28 | CVE-2005-0319 | Remote vulnerability in Alt-N Webadmin 3.0.3 Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. network alt-n | 4.3 |
2005-01-28 | CVE-2005-0318 | Remote vulnerability in Alt-N Webadmin 3.0.2 useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. | 2.1 |
2005-01-28 | CVE-2005-0317 | Remote vulnerability in Alt-N Webadmin 3.0.2 Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. network alt-n | 4.3 |
2005-01-28 | CVE-2005-0316 | Unspecified vulnerability in Webwasher Classic 2.2.1/3.3 WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions. | 7.5 |
2005-01-27 | CVE-2005-0315 | Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0 The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | 4.6 |
2005-01-27 | CVE-2005-0314 | Multiple vulnerability in Magic Winmail Server Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. network amax-information-technologies | 4.3 |
2005-01-27 | CVE-2005-0313 | Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0 Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE. | 7.5 |