Vulmon
atmail vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-24133
Atmail v6.6.0 contains a SQL injection vulnerability via the username parameter on the login page.
Atmail Atmail 6.6.0
Atmail Atmail 6.3.0
NA
CVE-2010-4930
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail prior to 6.2.0 allows remote malicious users to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
Atmail Webmail 6.1.6
Atmail Webmail 6.1.5
Atmail Webmail 6.1.4
Atmail Webmail 6.1.3
Atmail Webmail 6.1.8
Atmail Webmail 6.1.7
Atmail Webmail
Atmail Webmail 6.1.2
1 EDB exploit
8.8
CVSSv3
CVE-2017-9517
atmail prior to 7.8.0.2 has CSRF, allowing a malicious user to upload and import users via CSV.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9518
atmail prior to 7.8.0.2 has CSRF, allowing a malicious user to change the SMTP hostname and hijack all emails.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9519
atmail prior to 7.8.0.2 has CSRF, allowing a malicious user to create a user account.
Atmail Atmail
6.1
CVSSv3
CVE-2017-11617
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote malicious users to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Atmail Atmail
NA
CVE-2012-1916
@Mail WebMail Client in AtMail Open-Source prior to 1.05 allows remote malicious users to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
Atmail Atmail Open
NA
CVE-2012-1918
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source prior to 1.05 allow remote malicious users to read arbitrary files via a .. (dot dot) in the Attachment[] parameter.
Atmail Atmail Open
NA
CVE-2012-1919
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source prior to 1.05 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
Atmail Atmail Open
NA
CVE-2006-6704
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail prior to 4.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."
Atmail Atmail Webadmin