Calacode : Security Vulnerabilities, CVEs, CVSS score >= 5

CVE-2008-3579

Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.8
EPSS Score
0.30%
Published
2008-08-10
Updated
2017-08-08

CVE-2008-3395

Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.08%
Published
2008-07-31
Updated
2017-08-08

CVE-2006-6700

Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
Max CVSS
6.8
EPSS Score
0.50%
Published
2006-12-23
Updated
2008-09-05

CVE-2004-2378

@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.
Max CVSS
5.0
EPSS Score
2.52%
Published
2004-12-31
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close