Vulnerabilities related to atmail - atmail
Vulnerability from fkie_nvd
Published
2014-02-12 18:55
Modified
2024-11-21 01:52
Severity ?
Summary
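Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/<MessageID>/filenameOriginal/. Note: the CPE configuration in the record below lists atmail 7.0.2 with "vulnerable": false, which does not match the "7.0.x before 7.0.3" range stated here; scanners that match on CPE data alone may not flag 7.0.2, so confirm the installed version against the vendor changelog.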
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE8DDE67-2884-4623-95F1-7D8CAD33D0FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F66EEF4-613F-4900-8C0C-93F50DEDD5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "540D2758-A0B7-40DB-8FF9-DEB8DEBAFA65", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/\u003cMessageID\u003e/filenameOriginal/." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Atmail Webmail Server 6.6.x anterior a 6.6.3 y 7.0.x anterior a 7.0.3 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de PATH_INFO hacia index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/\u003cMessageID\u003e/filenameOriginal/." 
} ], "id": "CVE-2013-2585", "lastModified": "2024-11-21T01:52:00.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-12T18:55:04.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.isecauditors.com/advisories-2013#2013-004" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://atmail.com/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.isecauditors.com/advisories-2013#2013-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://atmail.com/changelog" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-16 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter." }, { "lang": "es", "value": "atmail 6.5.0, permite un ataque de tipo XSS por medio del par\u00e1metro index.php/admin/index/ error" } ], "id": "CVE-2022-30776", "lastModified": "2024-11-21T07:03:21.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-16T14:15:08.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-27 19:15
Modified
2024-11-21 07:04
Severity ?
Summary
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:5.62:*:*:*:*:*:*:*", "matchCriteriaId": "4C60A069-AA9E-401E-A513-387534FC44AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html\u0026FirstLoad=1\u0026HelpFile=file.html Search Terms field." }, { "lang": "es", "value": "Atmail v5.62 permite ataques de tipo Cross-Site Scripting (XSS) a trav\u00e9s del campo \"mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html\u0026amp;FirstLoad=1\u0026amp;HelpFile=file.html Search Terms\"." } ], "id": "CVE-2022-31200", "lastModified": "2024-11-21T07:04:06.743", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-27T19:15:09.887", "references": [ { "source": "cve@mitre.org", "url": "https://medium.com/%40rohitgautam26/cve-2022-31200-5117bac8d548" }, { "source": "cve@mitre.org", "tags": [ "Technical Description" ], "url": "https://portswigger.net/blog/exploiting-xss-in-post-requests" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40rohitgautam26/cve-2022-31200-5117bac8d548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description" ], "url": "https://portswigger.net/blog/exploiting-xss-in-post-requests" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-06 14:15
Modified
2024-11-21 01:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | http://www.exploit-db.com/exploits/20009 | Exploit, Third Party Advisory, VDB Entry | |
cret@cert.org | http://www.securityfocus.com/bid/54630 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/20009 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54630 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la interfaz administrativa de Atmail Webmail Server versi\u00f3n 6.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo Date de un correo electr\u00f3nico." } ], "id": "CVE-2012-2593", "lastModified": "2024-11-21T01:39:16.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-06T14:15:10.503", "references": [ { "source": "cret@cert.org", "tags": [ 
"Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/20009" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/20009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54630" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 14:29
Modified
2024-11-21 03:36
Severity ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "475554FA-203F-43CE-9672-A479B53D8B85", "versionEndIncluding": "7.8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account." }, { "lang": "es", "value": "atmail anterior a versi\u00f3n 7.8.0.2, presenta un problema de tipo CSRF, permitiendo a un atacante crear una cuenta de usuario." } ], "id": "CVE-2017-9519", "lastModified": "2024-11-21T03:36:18.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T14:29:00.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-15 15:15
Modified
2024-11-21 06:29
Severity ?
Summary
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "unsupported-when-assigned" ] } ], "descriptions": [ { "lang": "en", "value": "WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer" }, { "lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** El panel de control WebAdmin en Atmail versi\u00f3n 6.5.0 (una versi\u00f3n lanzada en 2012) permite un ataque de tipo XSS por medio del par\u00e1metro format al URI por defecto. NOTA: Esta vulnerabilidad s\u00f3lo afecta a productos que ya no son soportados por el mantenedor" } ], "id": "CVE-2021-43574", "lastModified": "2024-11-21T06:29:28.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-15T15:15:06.867", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:56
Severity ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C669A8-B5BB-4D13-9683-4A10568E52E3", "versionEndIncluding": "6.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and 
attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Atmail anterior a la versi\u00f3n 6.6.4, y 7.x anterior a 7.1.2, tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." } ], "id": "CVE-2013-5034", "lastModified": "2024-11-21T01:56:56.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-12T18:34:55.657", "references": [ { "source": "cve@mitre.org", "url": "http://atmail.com/changelog/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 14:29
Modified
2024-11-21 03:36
Severity ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "475554FA-203F-43CE-9672-A479B53D8B85", "versionEndIncluding": "7.8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails." }, { "lang": "es", "value": "atmail anterior a versi\u00f3n 7.8.0.2, presenta un problema de tipo CSRF, permitiendo a un atacante cambiar el nombre de host SMTP y secuestrar todos los correos electr\u00f3nicos." } ], "id": "CVE-2017-9518", "lastModified": "2024-11-21T03:36:18.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T14:29:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 14:29
Modified
2024-11-21 03:36
Severity ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "475554FA-203F-43CE-9672-A479B53D8B85", "versionEndIncluding": "7.8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV." }, { "lang": "es", "value": "atmail anterior a versi\u00f3n 7.8.0.2, presenta un problema de tipo CSRF, permitiendo a un atacante cargar e importar usuarios por medio de CSV." } ], "id": "CVE-2017-9517", "lastModified": "2024-11-21T03:36:18.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T14:29:00.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:56
Severity ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C669A8-B5BB-4D13-9683-4A10568E52E3", "versionEndIncluding": "6.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and 
attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Atmail anteriores a 6.6.4, y 7.x anteriores a 7.1.2, tienen un impacto y vectores de ataque no especificados, una vulnerabilidad diferente a CVE-2013-5032, CVE-2013-5033, y CVE-2013-5034." } ], "id": "CVE-2013-5031", "lastModified": "2024-11-21T01:56:56.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-12T18:34:55.580", "references": [ { "source": "cve@mitre.org", "url": "http://atmail.com/changelog/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:58
Severity
6.8 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P (NVD primary metric from the record's JSON)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * (up to and including 7.1.6, per versionEndIncluding in the record's JSON) | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.6.3 | |
atmail | atmail | 6.6.4 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 | |
atmail | atmail | 7.1.2 | |
atmail | atmail | 7.1.3 | |
atmail | atmail | 7.1.4 | |
atmail | atmail | 7.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "880F5995-4E7A-4ABA-93C1-4FA0E40EEC50", "versionEndIncluding": "7.1.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A33A05DF-1DEC-48F9-981E-317FE147C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE4C5CC8-10A9-4F9F-B0E7-BB3D6974F388", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46402FA8-4E02-499D-A01F-90A4F063E267", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B04163B8-F351-4B89-84D3-4B901BBC7F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BFF6444-0F90-4737-A782-78D808816A2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "70FAE32B-2858-45E8-88C3-5B28BA7DF482", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product\u0027s service." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades cross-site request forgery (CSRF) en Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que (1) a\u00f1aden cuentas de usuarios, (2) modifican cuentas de usuarios, (3) borran cuentas de usuarios o (4) paran el servicio del producto." 
} ], "id": "CVE-2013-6028", "lastModified": "2024-11-21T01:58:38.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-12T18:34:55.767", "references": [ { "source": "cret@cert.org", "url": "http://atmail.com/changelog/" }, { "source": "cret@cert.org", "url": "http://osvdb.org/101936" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/101936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/204950" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-07 14:15
Modified
2024-11-21 08:58
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
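Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. The record carries the cveTag unsupported-when-assigned, meaning the affected release was already out of support when the CVE was assigned; the CPE configuration in the record's JSON also marks 6.3.0 as vulnerable.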
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Hebing123/cve/issues/16 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Hebing123/cve/issues/16 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "unsupported-when-assigned" ] } ], "descriptions": [ { "lang": "en", "value": "Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page." }, { "lang": "es", "value": "Se descubri\u00f3 que Atmail v6.6.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de nombre de usuario en la p\u00e1gina de inicio de sesi\u00f3n." } ], "id": "CVE-2024-24133", "lastModified": "2024-11-21T08:58:57.280", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-02-07T14:15:52.820", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Hebing123/cve/issues/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Hebing123/cve/issues/16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:58
Severity
4.3 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N (NVD primary metric from the record's JSON)
Summary
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * (up to and including 7.1.6, per versionEndIncluding in the record's JSON) | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.6.3 | |
atmail | atmail | 6.6.4 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 | |
atmail | atmail | 7.1.2 | |
atmail | atmail | 7.1.3 | |
atmail | atmail | 7.1.4 | |
atmail | atmail | 7.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "880F5995-4E7A-4ABA-93C1-4FA0E40EEC50", "versionEndIncluding": "7.1.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A33A05DF-1DEC-48F9-981E-317FE147C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE4C5CC8-10A9-4F9F-B0E7-BB3D6974F388", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46402FA8-4E02-499D-A01F-90A4F063E267", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B04163B8-F351-4B89-84D3-4B901BBC7F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BFF6444-0F90-4737-A782-78D808816A2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "70FAE32B-2858-45E8-88C3-5B28BA7DF482", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element." }, { "lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) en Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s del cuerpo de un mensaje de email, como fue demostrado con el atributo SRC en un elemento IFRAME." 
} ], "id": "CVE-2013-6017", "lastModified": "2024-11-21T01:58:37.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-12T18:34:55.737", "references": [ { "source": "cret@cert.org", "url": "http://atmail.com/changelog/" }, { "source": "cret@cert.org", "url": "http://osvdb.org/101937" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/64779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/101937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64779" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:56
Severity
10.0 (High) - CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C (NVD primary metric from the record's JSON)
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * (up to and including 6.6.3, per versionEndIncluding in the record's JSON) | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C669A8-B5BB-4D13-9683-4A10568E52E3", "versionEndIncluding": "6.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and 
attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Atmail anterior a la versi\u00f3n 6.6.4, y 7.x anterior a 7.1.2, tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." } ], "id": "CVE-2013-5032", "lastModified": "2024-11-21T01:56:56.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-12T18:34:55.610", "references": [ { "source": "cve@mitre.org", "url": "http://atmail.com/changelog/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-25 17:29
Modified
2024-11-21 03:08
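Severity
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD primary metric from the record's JSON)
4.3 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N (NVD primary metric from the record's JSON)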
Summary
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | Vendor Advisory | |
cve@mitre.org | https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/ | Exploit, Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/ | Exploit, Technical Description, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "475554FA-203F-43CE-9672-A479B53D8B85", "versionEndIncluding": "7.8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en atmail anterior a versi\u00f3n 7.8.0.2, permite a los atacantes remotos inyectar un script web o HTML arbitrario dentro del cuerpo de un correo electr\u00f3nico por medio de un elemento IMG con comillas simples y comillas dobles." } ], "id": "CVE-2017-11617", "lastModified": "2024-11-21T03:08:07.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" 
} ] }, "published": "2017-07-25T17:29:00.403", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-12 15:55
Modified
2024-11-21 01:58
Severity 4.3 (Medium) — CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N, NVD primary score
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "540D2758-A0B7-40DB-8FF9-DEB8DEBAFA65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Atmail Webmail Server 7.0.2 permiten atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del (1) par\u00e1metro filter hacia index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 o (2) par\u00e1metro mailId[] hacia index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTA: el vector del proceso de visualizaci\u00f3n del mensaje de adjunto ya est\u00e1 cubierto en CVE-2013-2585." 
} ], "id": "CVE-2013-6229", "lastModified": "2024-11-21T01:58:53.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-12T15:55:05.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.isecauditors.com/advisories-2013#2013-014" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.isecauditors.com/advisories-2013#2013-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-09 00:02
Modified
2024-11-21 00:06
Severity 7.5 (High) — CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P, NVD primary score
Summary
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "90355215-D661-4C36-B177-39F0075B5AE7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en compose.pl en @Mail 4.3 y en versiones anteriores para Windows permite a atacantes remotos subir archivos arbitrarios en ubicaciones arbitrarias a trav\u00e9s de .. (punto punto) en el par\u00e1metro unique." } ], "id": "CVE-2006-0611", "lastModified": "2024-11-21T00:06:54.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-09T00:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://kb.atmail.com/view_article.php?num=374" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18646" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22882" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16470" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0415" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://kb.atmail.com/view_article.php?num=374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24459" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2024-11-21 01:56
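Severity 10.0 (High) — CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary score; the record lists the weakness as NVD-CWE-noinfo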
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
atmail | atmail | * (up to and including 6.6.3) | |
atmail | atmail | 6.3.0 | |
atmail | atmail | 6.3.1 | |
atmail | atmail | 6.3.2 | |
atmail | atmail | 6.3.3 | |
atmail | atmail | 6.3.4 | |
atmail | atmail | 6.3.5 | |
atmail | atmail | 6.3.6 | |
atmail | atmail | 6.4.0 | |
atmail | atmail | 6.4.1 | |
atmail | atmail | 6.4.2 | |
atmail | atmail | 6.5.0 | |
atmail | atmail | 6.6.0 | |
atmail | atmail | 6.6.1 | |
atmail | atmail | 6.6.2 | |
atmail | atmail | 6.20.4 | |
atmail | atmail | 6.20.5 | |
atmail | atmail | 6.20.6 | |
atmail | atmail | 6.20.7 | |
atmail | atmail | 6.20.8 | |
atmail | atmail | 6.20.10 | |
atmail | atmail | 6.20.11 | |
atmail | atmail | 6.20.12 | |
atmail | atmail | 6.20.13 | |
atmail | atmail | 7.1.0 | |
atmail | atmail | 7.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C669A8-B5BB-4D13-9683-4A10568E52E3", "versionEndIncluding": "6.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and 
attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Atmail anteriores a 6.6.4, y 7.x anteriores a 7.1.2, tienen un impacto y vectores de ataque no especificados, una vulnerabilidad diferente a CVE-2013-5031, CVE-2013-5032, y CVE-2013-5034." } ], "id": "CVE-2013-5033", "lastModified": "2024-11-21T01:56:56.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-12T18:34:55.627", "references": [ { "source": "cve@mitre.org", "url": "http://atmail.com/changelog/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2013-6017
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
References
URL | Tags | |
---|---|---|
http://osvdb.org/101937 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/64779 | vdb-entry, x_refsource_BID | |
http://www.kb.cert.org/vuls/id/204950 | third-party-advisory, x_refsource_CERT-VN | |
http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101937", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/101937" }, { "name": "64779", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64779" }, { "name": "VU#204950", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "101937", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/101937" }, { "name": "64779", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64779" }, { "name": "VU#204950", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-6017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "101937", "refsource": "OSVDB", "url": "http://osvdb.org/101937" }, { "name": "64779", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64779" }, { "name": "VU#204950", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/204950" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-6017", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-10-04T00:00:00", "dateUpdated": "2024-08-06T17:29:42.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0611
Vulnerability from cvelistv5
Published
2006-02-09 00:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/16470 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24459 | vdb-entry, x_refsource_XF | |
http://kb.atmail.com/view_article.php?num=374 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2006/0415 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/18646 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/22882 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16470" }, { "name": "@mail-compose-directory-traversal(24459)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24459" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.atmail.com/view_article.php?num=374" }, { "name": "ADV-2006-0415", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0415" }, { "name": "18646", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18646" }, { "name": "22882", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16470" }, { "name": "@mail-compose-directory-traversal(24459)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24459" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.atmail.com/view_article.php?num=374" }, { "name": "ADV-2006-0415", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0415" }, { "name": "18646", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18646" }, { "name": "22882", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16470" }, { "name": "@mail-compose-directory-traversal(24459)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24459" }, { "name": "http://kb.atmail.com/view_article.php?num=374", "refsource": "CONFIRM", "url": "http://kb.atmail.com/view_article.php?num=374" }, { "name": "ADV-2006-0415", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0415" }, { "name": "18646", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18646" }, { "name": "22882", "refsource": "OSVDB", "url": "http://www.osvdb.org/22882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0611", "datePublished": "2006-02-09T00:00:00", "dateReserved": "2006-02-08T00:00:00", "dateUpdated": "2024-08-07T16:41:28.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5032
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
References
URL | Tags | |
---|---|---|
http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/ | x_refsource_CONFIRM | |
http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:59:41.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-12T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", "refsource": "CONFIRM", "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5032", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-07-31T00:00:00", "dateUpdated": "2024-08-06T16:59:41.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24133
Vulnerability from cvelistv5
Published
2024-02-07 00:00
Modified
2024-08-22 19:04
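Severity 9.8 (Critical) — CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, from the CISA ADP enrichment (the CNA container carries no score); SSVC: Exploitation poc, Automatable yes, Technical Impact total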
EPSS score ?
Summary
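Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. The CNA record is tagged unsupported-when-assigned, meaning the affected release was already out of support when the CVE ID was assigned.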
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:19:51.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Hebing123/cve/issues/16" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "atmail", "vendor": "atmail", "versions": [ { "status": "affected", "version": "6.6.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24133", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T19:02:27.875208Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-22T19:04:09.125Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-07T14:06:22.645003", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Hebing123/cve/issues/16" } ], "tags": [ "unsupported-when-assigned" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-24133", "datePublished": "2024-02-07T00:00:00", "dateReserved": "2024-01-25T00:00:00", "dateUpdated": "2024-08-22T19:04:09.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5033
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
References
URL | Tags | |
---|---|---|
http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/ | x_refsource_CONFIRM | |
http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:59:41.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-12T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", "refsource": "CONFIRM", "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5033", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-07-31T00:00:00", "dateUpdated": "2024-08-06T16:59:41.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9518
Vulnerability from cvelistv5
Published
2017-06-08 14:00
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
References
| URL | Tags |
|---|---|
| https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:11:01.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6", "refsource": "CONFIRM", "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9518", "datePublished": "2017-06-08T14:00:00Z", "dateReserved": "2017-06-08T00:00:00Z", "dateUpdated": "2024-09-17T04:04:07.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2585
Vulnerability from cvelistv5
Published
2014-02-12 18:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/<MessageID>/filenameOriginal/.
References
| URL | Tags |
|---|---|
| http://www.isecauditors.com/advisories-2013#2013-004 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/530934/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://atmail.com/changelog | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecauditors.com/advisories-2013#2013-004" }, { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://atmail.com/changelog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/\u003cMessageID\u003e/filenameOriginal/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecauditors.com/advisories-2013#2013-004" }, { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://atmail.com/changelog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/\u003cMessageID\u003e/filenameOriginal/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.isecauditors.com/advisories-2013#2013-004", "refsource": "MISC", "url": "http://www.isecauditors.com/advisories-2013#2013-004" }, { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "name": "https://atmail.com/changelog", "refsource": "CONFIRM", "url": "https://atmail.com/changelog" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2585", "datePublished": "2014-02-12T18:00:00", "dateReserved": "2013-03-15T00:00:00", "dateUpdated": "2024-08-06T15:44:32.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9519
Vulnerability from cvelistv5
Published
2017-06-08 14:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
References
| URL | Tags |
|---|---|
| https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:11:01.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6", "refsource": "CONFIRM", "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9519", "datePublished": "2017-06-08T14:00:00Z", "dateReserved": "2017-06-08T00:00:00Z", "dateUpdated": "2024-09-16T18:54:13.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31200
Vulnerability from cvelistv5
Published
2023-07-27 00:00
Modified
2024-10-23 13:04
Severity ?
EPSS score ?
Summary
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://portswigger.net/blog/exploiting-xss-in-post-requests" }, { "tags": [ "x_transferred" ], "url": "https://medium.com/%40rohitgautam26/cve-2022-31200-5117bac8d548" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-31200", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:04:43.876609Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:04:54.796Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html\u0026FirstLoad=1\u0026HelpFile=file.html Search Terms field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://portswigger.net/blog/exploiting-xss-in-post-requests" }, { "url": "https://medium.com/%40rohitgautam26/cve-2022-31200-5117bac8d548" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31200", "datePublished": "2023-07-27T00:00:00", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-10-23T13:04:54.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43574
Vulnerability from cvelistv5
Published
2021-11-15 14:18
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| URL | Tags |
|---|---|
| https://help.atmail.com/hc/en-us/sections/115003283988 | x_refsource_MISC |
| https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-43574", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-02T18:34:18.090142Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T18:34:29.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-15T14:18:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e" } ], "tags": [ "unsupported-when-assigned" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://help.atmail.com/hc/en-us/sections/115003283988", "refsource": "MISC", "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "name": "https://medium.com/@bhattronit96/cve-2021-43574-696041dcab9e", "refsource": "MISC", "url": "https://medium.com/@bhattronit96/cve-2021-43574-696041dcab9e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43574", "datePublished": "2021-11-15T14:18:31", "dateReserved": "2021-11-09T00:00:00", "dateUpdated": "2024-08-04T04:03:08.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30776
Vulnerability from cvelistv5
Published
2022-05-16 13:35
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
References
| URL | Tags |
|---|---|
| https://help.atmail.com/hc/en-us/sections/115003283988 | x_refsource_MISC |
| https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:14.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-16T13:35:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://help.atmail.com/hc/en-us/sections/115003283988", "refsource": "MISC", "url": "https://help.atmail.com/hc/en-us/sections/115003283988" }, { "name": "https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9", "refsource": "MISC", "url": "https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30776", "datePublished": "2022-05-16T13:35:42", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T06:56:14.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2593
Vulnerability from cvelistv5
Published
2020-02-06 13:47
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
References
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/20009 | x_refsource_MISC |
| http://www.securityfocus.com/bid/54630 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atmail | Atmail Webmail Server | Version: 6.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:26.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/20009" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54630" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Atmail Webmail Server", "vendor": "Atmail", "versions": [ { "status": "affected", "version": "6.4" } ] } ], "datePublic": "2012-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-06T13:47:18", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.exploit-db.com/exploits/20009" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/54630" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2593", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Atmail Webmail Server", "version": { "version_data": [ { "version_value": "6.4" } ] } } ] }, "vendor_name": "Atmail" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.exploit-db.com/exploits/20009", "refsource": "MISC", "url": "http://www.exploit-db.com/exploits/20009" }, { "name": "http://www.securityfocus.com/bid/54630", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/54630" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2593", "datePublished": "2020-02-06T13:47:18", "dateReserved": "2012-05-09T00:00:00", "dateUpdated": "2024-08-06T19:34:26.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6028
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
References
| URL | Tags |
|---|---|
| http://osvdb.org/101936 | vdb-entry, x_refsource_OSVDB |
| http://www.kb.cert.org/vuls/id/204950 | third-party-advisory, x_refsource_CERT-VN |
| http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101936", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/101936" }, { "name": "VU#204950", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product\u0027s service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-15T16:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "101936", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/101936" }, { "name": "VU#204950", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/204950" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-6028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product\u0027s service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "101936", "refsource": "OSVDB", "url": "http://osvdb.org/101936" }, { "name": "VU#204950", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/204950" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-6028", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-10-04T00:00:00", "dateUpdated": "2024-08-06T17:29:42.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5031
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
References
| URL | Tags |
|---|---|
| http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/ | x_refsource_CONFIRM |
| http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:59:41.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-12T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", "refsource": "CONFIRM", "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5031", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-07-31T00:00:00", "dateUpdated": "2024-08-06T16:59:41.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11617
Vulnerability from cvelistv5
Published
2017-07-25 17:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
References
| URL | Tags |
|---|---|
| https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/ | x_refsource_MISC |
| https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:12:40.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-25T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11617", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/", "refsource": "MISC", "url": "https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" }, { "name": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6", "refsource": "MISC", "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11617", "datePublished": "2017-07-25T17:00:00Z", "dateReserved": "2017-07-25T00:00:00Z", "dateUpdated": "2024-09-16T21:57:18.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6229
Vulnerability from cvelistv5
Published
2014-02-12 15:00
Modified
2024-08-06 17:38
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/530934/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.isecauditors.com/advisories-2013#2013-014 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:38:58.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecauditors.com/advisories-2013#2013-014" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecauditors.com/advisories-2013#2013-014" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140206 [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/530934/100/0/threaded" }, { "name": "http://www.isecauditors.com/advisories-2013#2013-014", "refsource": "MISC", "url": "http://www.isecauditors.com/advisories-2013#2013-014" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6229", "datePublished": "2014-02-12T15:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2024-08-06T17:38:58.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5034
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
References
| URL | Tags |
|---|---|
| http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/ | x_refsource_CONFIRM |
| http://atmail.com/changelog/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:59:41.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://atmail.com/changelog/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-12T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://atmail.com/changelog/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", "refsource": "CONFIRM", "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" }, { "name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5034", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-07-31T00:00:00", "dateUpdated": "2024-08-06T16:59:41.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9517
Vulnerability from cvelistv5
Published
2017-06-08 14:00
Modified
2024-09-16 16:12
Severity ?
EPSS score ?
Summary
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
References
| URL | Tags |
|---|---|
| https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:11:01.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6", "refsource": "CONFIRM", "url": "https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9517", "datePublished": "2017-06-08T14:00:00Z", "dateReserved": "2017-06-08T00:00:00Z", "dateUpdated": "2024-09-16T16:12:35.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }