Filtered by vendor Transware
Subscriptions
Filtered by product Active\! Mail
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3913 | 1 Transware | 1 Active\! Mail | 2025-04-11 | N/A |
| CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2013-2302 | 1 Transware | 1 Active\! Mail | 2025-04-11 | N/A |
| TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | ||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2025-04-09 | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | ||||
| CVE-2009-4353 | 1 Transware | 1 Active\! Mail | 2025-04-09 | N/A |
| The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | ||||
Page 1 of 1.