Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atmail vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24133
Atmail v6.6.0 exists to contain a SQL injection vulnerability via the username parameter on the login page.
Atmail Atmail 6.6.0
Atmail Atmail 6.3.0
NA
CVE-2010-4930
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail prior to 6.2.0 allows remote malicious users to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
Atmail Webmail 6.1.6
Atmail Webmail 6.1.5
Atmail Webmail 6.1.4
Atmail Webmail 6.1.3
Atmail Webmail 6.1.8
Atmail Webmail 6.1.7
Atmail Webmail
Atmail Webmail 6.1.2
1 EDB exploit
8.8
CVSSv3
CVE-2017-9517
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to upload and import users via CSV.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9518
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to change the SMTP hostname and hijack all emails.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9519
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to create a user account.
Atmail Atmail
6.1
CVSSv3
CVE-2017-11617
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote malicious users to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Atmail Atmail
6.1
CVSSv3
CVE-2012-2593
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote malicious users to inject arbitrary web script or HTML via the Date field of an email.
Atmail Atmail 6.4.0
1 EDB exploit
8 Github repositories
NA
CVE-2007-2825
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
Atmail Atmail Webmail
6.1
CVSSv3
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Atmail Atmail 6.5.0
NA
CVE-2006-0611
Directory traversal vulnerability in compose.pl in @Mail 4.3 and previous versions for Windows allows remote malicious users to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
Atmail Atmail 4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »