Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
basic webmail vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2012-5570
The Basic webmail module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
Basic Webmail Project Basic Webmail 6.x-1.0
Basic Webmail Project Basic Webmail 6.x-1.1
Basic Webmail Project Basic Webmail 6.x-1.x
6.1
CVSSv3
CVE-2010-5337
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5338
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5339
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
NA
CVE-2014-4945
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) prior to 6.1.8, as used in Horde Groupware Webmail Edition prior to 5.1.5, allow remote malicious users to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox...
Horde Groupware
Horde Groupware 5.1.3
Horde Groupware 5.1.2
Horde Groupware 5.1.1
Horde Groupware 5.1.0
Horde Internet Mail Program 6.1.3
Horde Internet Mail Program 6.1.2
Horde Internet Mail Program 6.1.1
Horde Internet Mail Program 6.1.0
Horde Internet Mail Program 6.0.0
Horde Groupware 5.0.2
Horde Groupware 5.0.1
Horde Groupware 5.0.0
Horde Internet Mail Program 6.0.5
Horde Internet Mail Program 6.0.4
Horde Internet Mail Program 6.0.3
Horde Internet Mail Program 6.0.2
Horde Internet Mail Program 6.0.1
Horde Groupware 5.0.4
Horde Internet Mail Program 6.1.6
Horde Internet Mail Program 6.1.4
Horde Groupware 5.0.5
NA
CVE-2012-5569
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x prior to 6.x-1.2 for Drupal allow remote malicious users to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
Jason Flatt Basic Webmail 6.x-1.x
Basic Webmail Project Basic Webmail 6.x-1.1
Jason Flatt Basic Webmail 6.x-1.0
7.5
CVSSv3
CVE-2001-1537
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and previous versions stores cleartext usernames and passwords in cookies, which could allow malicious users to obtain authentication information and gain privileges.
Symfony Twig
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started