Atmail: >> Atmail Open Security Vulnerabilities
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
CVSS Score
7.5
EPSS Score
0.024
Published
2012-03-27
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.
CVSS Score
5.0
EPSS Score
0.006
Published
2012-03-27
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2012-03-27
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
CVSS Score
6.4
EPSS Score
0.007
Published
2012-03-27
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
CVSS Score
5.0
EPSS Score
0.005
Published
2012-03-27
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.
CVSS Score
4.3
EPSS Score
0.064
Published
2011-12-01