Product
atmail
34 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-24133
CVE-2022-31200
CVE-2022-30776
CVE-2021-43574
CVE-2012-2593
CVE-2017-11617
CVE-2017-9519
CVE-2017-9518
CVE-2017-9517
CVE-2013-2585
CVE-2013-6229
CVE-2013-6028
CVE-2013-6017
CVE-2013-5034
CVE-2013-5033
CVE-2013-5032
CVE-2013-5031
CVE-2012-1920
CVE-2012-1919
CVE-2012-1918
CVE-2012-1917
CVE-2012-1916
CVE-2011-4540
CVE-2010-4930
CVE-2009-2455
CVE-2008-3579
CVE-2008-3395
CVE-2007-2825
CVE-2007-2153
CVE-2007-0953
CVE-2006-6704
CVE-2006-6702
CVE-2006-6701
CVE-2006-0611
all versions
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
all versions
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search T
all versions
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
all versions
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE:
all versions
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to i
<= 7.8.0.1
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script
<= 7.8.0.1
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
<= 7.8.0.1
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
<= 7.8.0.1
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
all versions
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attacker
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web
<= 7.1.6
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack th
<= 7.1.6
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web scrip
<= 6.6.3
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnera
<= 6.6.3
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnera
<= 6.6.3
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnera
<= 6.6.3
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnera
<= 1.04
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a dire
<= 1.04
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to cond
<= 1.04
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail
<= 1.04
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in th
<= 1.04
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment
all versions
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to
<= 6.1.9
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary we
all versions
Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrar
all versions
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attac
all versions
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/
<= 5.02
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbi
<= 5.0
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML
all versions
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web sc
<= 4.51
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web scrip
<= 4.6
Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script
all versions
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote a
all versions
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary f