Sqwebmail

DATE	CVE	VULNERABILITY TITLE	RISK
2005-09-07	CVE-2005-2820	Unspecified vulnerability in Inter7 Sqwebmail 5.0.4 Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". network inter7	4.3
2005-09-02	CVE-2005-2769	Unspecified vulnerability in Inter7 Sqwebmail 5.0.4 Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. network inter7	4.3
2005-08-30	CVE-2005-2724	Unspecified vulnerability in Inter7 Sqwebmail Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. network inter7	4.3
2005-04-15	CVE-2005-1308	Unspecified vulnerability in Inter7 Sqwebmail SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. network low complexity inter7	7.5
2004-12-31	CVE-2004-2313	Unspecified vulnerability in Inter7 Sqwebmail Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. network low complexity inter7	5.0
2004-08-06	CVE-2004-0591	HTML Injection vulnerability in Inter7 Sqwebmail 4.0.4 Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. network inter7	6.8