Shodan
Vulnerabilities
Vulnerable Software
Basilix:  >> Basilix Webmail  Security Vulnerabilities
CVE-2006-5167
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
CVSS Score
5.1
EPSS Score
0.11
Published
2006-10-05
CVE-2002-1708
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
CVSS Score
6.8
EPSS Score
0.007
Published
2002-12-31
CVE-2002-1709
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
CVSS Score
6.4
EPSS Score
0.003
Published
2002-12-31
CVE-2002-1710
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
CVSS Score
3.6
EPSS Score
0.001
Published
2002-12-31
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
CVSS Score
2.1
EPSS Score
0.002
Published
2002-12-31
CVE-2001-1045
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
CVSS Score
5.0
EPSS Score
0.086
Published
2001-07-06
CVE-2001-1044
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
CVSS Score
7.5
EPSS Score
0.079
Published
2001-01-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved