Vulnerabilities > Aeromail

DATE CVE VULNERABILITY TITLE RISK
2002-08-12 CVE-2002-0411 Unspecified vulnerability in Aeromail
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
network
low complexity
aeromail
7.5
2002-07-26 CVE-2002-0410 Unspecified vulnerability in Aeromail
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
network
low complexity
aeromail
5.0