Vulnerabilities > Amax Information Technologies

DATE CVE VULNERABILITY TITLE RISK
2006-03-19 CVE-2006-1250 Multiple Unspecified vulnerability in Amax Information Technologies Winmail 4.3
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.
network
low complexity
amax-information-technologies
critical
10.0
2005-11-25 CVE-2005-3811 Unspecified vulnerability in Amax Information Technologies Magic Winmail Server
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
network
low complexity
amax-information-technologies
5.0
2005-11-19 CVE-2005-3692 Input Validation vulnerability in Amax Information Technologies Magic Winmail Server 4.2
Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.
4.3
2005-01-27 CVE-2005-0315 Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0
The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.
local
low complexity
amax-information-technologies
4.6
2005-01-27 CVE-2005-0314 Multiple vulnerability in Magic Winmail Server
Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
4.3
2005-01-27 CVE-2005-0313 Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
network
low complexity
amax-information-technologies
7.5
2004-12-31 CVE-2004-2572 Remote Installation Path Disclosure vulnerability in Amax Information Technologies Magic Winmail Server 3.6
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
network
low complexity
amax-information-technologies
5.0
2003-07-02 CVE-2003-0391 Denial-Of-Service vulnerability in Magic Winmail Server
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
network
low complexity
amax-information-technologies
7.5