Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-4955 | 5.0 |
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 | |
CVE-2006-4953 | 7.5 |
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4)
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 | |
CVE-2006-4956 | 6.8 |
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 | |
CVE-2006-4954 | 7.5 |
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing pro
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 | |
CVE-2006-4951 | 7.5 |
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 | |
CVE-2006-4952 | 7.5 |
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.
|
20-07-2017 - 01:33 | 23-09-2006 - 10:07 |