Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
uebimiau uebimiau vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5235
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 up to and including 2.7.10 allows remote malicious users to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely ...
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
Uebimiau Uebimiau 2.7.9
2 EDB exploits
NA
CVE-2007-3172
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote malicious users to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.
Uebimiau Uebimiau 2.7.9
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
NA
CVE-2007-3170
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
Uebimiau Uebimiau 2.7.9
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
1 EDB exploit
NA
CVE-2007-3171
Uebimiau Webmail allows remote malicious users to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
Uebimiau Uebimiau 2.7.9
1 EDB exploit
NA
CVE-2006-3297
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely ...
Uebimiau Uebimiau
Uebimiau Uebimiau 2.7.10
NA
CVE-2006-3305
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4...
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau
6.1
CVSSv3
CVE-2013-2622
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.
Uebimiau Uebimiau
NA
CVE-2006-0469
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
Uebimiau Uebimiau 2.7.9
1 EDB exploit
NA
CVE-2009-3199
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
Uebimiau Uebimiau 3.2.0-2.0
1 EDB exploit
NA
CVE-2008-0210
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote malicious users to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal a...
Uebimiau Webmail 2.7.2
Uebimiau Webmail 2.7.10
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »