cvebase

Basilix Webmail vulnerabilities

7 known vulnerabilities affecting basilix/basilix_webmail.

Total CVEs: 7
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4, LOW 2

Vulnerabilities

CVE-2001-1044 | P4 | HIGH | CVSS 7.5 | PoC | v0.9.7_beta | 2001-01-11
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
Source: nvd
CVE-2006-5167 | P4 | MEDIUM | CVSS 5.1 | PoC | ≤ 1.1.1, v0.9.7_beta +3 more | 2006-10-05
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php
Source: nvd
CVE-2001-1045 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.02_beta, v1.03_beta | 2001-07-06
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
Source: nvd
CVE-2002-1708 | P4 | MEDIUM | CVSS 6.8 | PoC | v1.1.0 | 2002-12-31
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
Source: nvd
CVE-2002-1709 | P4 | MEDIUM | CVSS 6.4 | v1.1.0 | 2002-12-31
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
Source: nvd
CVE-2002-1710 | P4 | LOW | CVSS 3.6 | v1.1.0 | 2002-12-31
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from an HTTP POST, which could allow local users to steal sensitive information like a password file.
Source: nvd
CVE-2002-1711 | P4 | LOW | CVSS 2.1 | v1.1.0 | 2002-12-31
BasiliX 1.1.0 saves attachments in a world-readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
Source: nvd