Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
afterlogic webmail pro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4743
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
Afterlogic Webmail Pro
Afterlogic Webmail Pro 4.5
2 EDB exploits
9.8
CVSSv3
CVE-2021-26293
An issue exists in AfterLogic Aurora up to and including 8.5.3 and WebMail Pro up to and including 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Serve...
Afterlogic Aurora
Afterlogic Webmail Pro
1 Github repository
7.5
CVSSv3
CVE-2021-26294
An issue exists in AfterLogic Aurora up to and including 7.7.9 and WebMail Pro up to and including 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/...
Afterlogic Aurora
Afterlogic Webmail Pro
2 Github repositories
6.1
CVSSv3
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic Aurora 8.3.11
Afterlogic Webmail Pro 8.3.11
NA
CVE-2007-5290
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and previous versions; and possibly MailBee WebMail Pro ASP prior to 3.4.64, WebMail Lite ASP prior to 4.0.11, and WebMail Lite PHP prior to 4.0.22; allow remote malicious users to inject arbitrary web...
Afterlogic Mailbee Webmail
Afterlogic Mailbee Webmail 3.4
Afterlogic Mailbee Webmail 3.2
Afterlogic Mailbee Webmail 3.3
Afterlogic Mailbee Webmail 3.1
2 EDB exploits
NA
CVE-2008-0333
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote malicious users to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
Afterlogic Mailbee Webmail Pro 4.1
1 EDB exploit
4.8
CVSSv3
CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Afterlogic Aurora 7.7.5
Afterlogic Webmail 7.7
NA
CVE-2007-2061
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Afterlogic Mailbee Webmail 3.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started