Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
afterlogic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5290
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and previous versions; and possibly MailBee WebMail Pro ASP prior to 3.4.64, WebMail Lite ASP prior to 4.0.11, and WebMail Lite PHP prior to 4.0.22; allow remote malicious users to inject arbitrary web...
Afterlogic Mailbee Webmail
Afterlogic Mailbee Webmail 3.4
Afterlogic Mailbee Webmail 3.2
Afterlogic Mailbee Webmail 3.3
Afterlogic Mailbee Webmail 3.1
2 EDB exploits
9.8
CVSSv3
CVE-2021-26293
An issue exists in AfterLogic Aurora up to and including 8.5.3 and WebMail Pro up to and including 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Serve...
Afterlogic Aurora
Afterlogic Webmail Pro
1 Github repository
7.5
CVSSv3
CVE-2021-26294
An issue exists in AfterLogic Aurora up to and including 7.7.9 and WebMail Pro up to and including 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/...
Afterlogic Aurora
Afterlogic Webmail Pro
2 Github repositories
4.8
CVSSv3
CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Afterlogic Aurora 7.7.5
Afterlogic Webmail 7.7
NA
CVE-2009-4743
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
Afterlogic Webmail Pro
Afterlogic Webmail Pro 4.5
2 EDB exploits
6.1
CVSSv3
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic Aurora 8.3.11
Afterlogic Webmail Pro 8.3.11
6.1
CVSSv3
CVE-2019-16238
Afterlogic Aurora up to and including 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
Afterlogic Aurora
NA
CVE-2008-0631
Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote malicious users to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.
Afterlogic Mailbee Objects 5.5
1 EDB exploit
8.8
CVSSv3
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows malicious users to execute arbitrary code via supplying a crafted .sabredav file.
Afterlogic Aurora Files 9.7.3
NA
CVE-2007-2061
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Afterlogic Mailbee Webmail 3.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »