Atmail : Security Vulnerabilities, CVEs, (CSRF)

CVE-2017-9519

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13

CVE-2017-9518

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13

CVE-2017-9517

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13

CVE-2013-6028

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
Max CVSS
6.8
EPSS Score
0.15%
Published
2014-01-12
Updated
2015-08-07

CVE-2006-6701

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
Max CVSS
7.5
EPSS Score
0.91%
Published
2006-12-23
Updated
2018-10-17
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close