Search criteria
3 vulnerabilities by kmail
CVE-2006-7062 (GCVE-0-2006-7062)
Vulnerability from cvelistv5 – Published: 2007-02-24 01:00 – Updated: 2024-08-07 20:50
VLAI
Summary
calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/25065 | vdb-entryx_refsource_OSVDB |
Date Public
2006-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "kmail-calendar-path-disclosure(26120)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26120"
},
{
"name": "25065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "kmail-calendar-path-disclosure(26120)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26120"
},
{
"name": "25065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "kmail-calendar-path-disclosure(26120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26120"
},
{
"name": "25065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7062",
"datePublished": "2007-02-24T01:00:00.000Z",
"dateReserved": "2007-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2104 (GCVE-0-2006-2104)
Vulnerability from cvelistv5 – Published: 2006-04-29 10:00 – Updated: 2024-08-07 17:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/25062 | vdb-entryx_refsource_OSVDB |
| http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html | x_refsource_MISC |
| http://secunia.com/advisories/19755 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/25063 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/25064 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1564 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/25061 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25062",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "19755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19755"
},
{
"name": "25063",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25063"
},
{
"name": "25064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25064"
},
{
"name": "ADV-2006-1564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1564"
},
{
"name": "25061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25061"
},
{
"name": "kmail-multiple-scripts-xss(26117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25062",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "19755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19755"
},
{
"name": "25063",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25063"
},
{
"name": "25064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25064"
},
{
"name": "ADV-2006-1564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1564"
},
{
"name": "25061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25061"
},
{
"name": "kmail-multiple-scripts-xss(26117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25062",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25062"
},
{
"name": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "19755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19755"
},
{
"name": "25063",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25063"
},
{
"name": "25064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25064"
},
{
"name": "ADV-2006-1564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1564"
},
{
"name": "25061",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25061"
},
{
"name": "kmail-multiple-scripts-xss(26117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2104",
"datePublished": "2006-04-29T10:00:00.000Z",
"dateReserved": "2006-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0404 (GCVE-0-2005-0404)
Vulnerability from cvelistv5 – Published: 2005-04-13 04:00 – Updated: 2024-08-07 21:13
VLAI
Summary
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://mail.kde.org/pipermail/kmail-devel/2005-Fe… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/14925 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.kde.org/show_bug.cgi?id=96020 | x_refsource_MISC |
| http://www.securiteam.com/unixfocus/5GP0B0AFFE.html | x_refsource_MISC |
Date Public
2005-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[kmail-devel] 20050215 [Bug 96020] HTML Allows Spoofing of Emails Content",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html"
},
{
"name": "14925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.kde.org/show_bug.cgi?id=96020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5GP0B0AFFE.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:38:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[kmail-devel] 20050215 [Bug 96020] HTML Allows Spoofing of Emails Content",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html"
},
{
"name": "14925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.kde.org/show_bug.cgi?id=96020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5GP0B0AFFE.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[kmail-devel] 20050215 [Bug 96020] HTML Allows Spoofing of Emails Content",
"refsource": "MLIST",
"url": "http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html"
},
{
"name": "14925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14925"
},
{
"name": "http://bugs.kde.org/show_bug.cgi?id=96020",
"refsource": "MISC",
"url": "http://bugs.kde.org/show_bug.cgi?id=96020"
},
{
"name": "http://www.securiteam.com/unixfocus/5GP0B0AFFE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5GP0B0AFFE.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0404",
"datePublished": "2005-04-13T04:00:00.000Z",
"dateReserved": "2005-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}