Vulnerabilities (CVE)

Filtered by vendor Transware Subscribe
Filtered by product Active\! Mail
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2302 1 Transware 1 Active\! Mail 2024-11-21 1.9 LOW N/A
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.
CVE-2010-3913 1 Transware 1 Active\! Mail 2024-11-21 4.3 MEDIUM N/A
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2009-4354 1 Transware 1 Active\! Mail 2024-11-21 5.8 MEDIUM N/A
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
CVE-2009-4353 1 Transware 1 Active\! Mail 2024-11-21 5.8 MEDIUM N/A
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.