atmail vulnerabilities and exploits

10
CVSSv2
CVE-2013-5034

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033....

7.8
CVSSv2
CVE-2008-3579

Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged...

6.8
CVSSv2
CVE-2017-9519

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account....

10
CVSSv2
CVE-2013-5033

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034....

6.8
CVSSv2
CVE-2017-9517

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV....

4.3
CVSSv2
CVE-2013-6229

Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to...

Atmail
4.3
CVSSv2
CVE-2017-11617

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes....

4.3
CVSSv2
CVE-2013-2585

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to...

10
CVSSv2
CVE-2013-5031

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034....

6.8
CVSSv2
CVE-2017-9518

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails....