Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2302 | 1 Transware | 1 Active\! Mail | 2024-11-21 | 1.9 LOW | N/A |
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | |||||
CVE-2010-3913 | 1 Transware | 1 Active\! Mail | 2024-11-21 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2024-11-21 | 5.8 MEDIUM | N/A |
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | |||||
CVE-2009-4353 | 1 Transware | 1 Active\! Mail | 2024-11-21 | 5.8 MEDIUM | N/A |
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. |