Socketmail : Security Vulnerabilities, CVEs,

CVE-2012-4059

Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
Max CVSS
6.8
EPSS Score
0.37%
Published
2012-07-25
Updated
2017-08-29

CVE-2012-4058

Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-25
Updated
2017-08-29

CVE-2007-5649

Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter.
Max CVSS
4.3
EPSS Score
0.48%
Published
2007-10-23
Updated
2017-07-29

CVE-2007-5627

PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter.
Max CVSS
6.8
EPSS Score
2.69%
Published
2007-10-23
Updated
2017-09-29

CVE-2006-2681

PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.
Max CVSS
6.8
EPSS Score
3.65%
Published
2006-05-31
Updated
2017-07-20
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close