Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2379

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2379
Last Modified 05 Sep 2008 04:43:58
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2379

Summary

Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.

Vulnerable Systems

Application

  • Calacode At Mail Webmail System 3.64


References

XF - atmail-util-xss(15324)

SECTRACK - 1009208

BID - 9748

MISC - http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt

OSVDB - 4067

OSVDB - 4066

SECUNIA - 10978


Last Updated: 27 May 2016 10:39:26