CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4953

Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/22029
http://vuln.sg/neonmail506-en.html
http://www.securityfocus.com/bid/20109
https://exchange.xforce.ibmcloud.com/vulnerabilities/29088
http://secunia.com/advisories/22029
http://vuln.sg/neonmail506-en.html
http://www.securityfocus.com/bid/20109
https://exchange.xforce.ibmcloud.com/vulnerabilities/29088

Products affected by CVE-2006-4953

Neosys » Neon Webmail » Version: 5.06

cpe:2.3:a:neosys:neon_webmail:5.06
Neosys » Neon Webmail » Version: 5.07

cpe:2.3:a:neosys:neon_webmail:5.07

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4953

Products

Pricing

Contact Us