Uebimiau Webmail vulnerabilities
2 known vulnerabilities affecting uebimiau/webmail.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2008-0210P3MEDIUMCVSS 6.4PoCv2.7.2v2.7.102008-01-10
CVE-2008-0210 [MEDIUM] CVE-2008-0210: Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set thr
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
nvd
CVE-2008-0140P4MEDIUMCVSS 6.4PoCv2.7.2v2.7.102008-01-08
CVE-2008-0140 [MEDIUM] CWE-22 CVE-2008-0140: Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote au
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
nvd