Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4353 | 1 Transware | 1 Active\! Mail | 2017-08-16 | 5.8 MEDIUM | N/A |
| The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | |||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2017-08-16 | 5.8 MEDIUM | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | |||||
| CVE-2013-2302 | 1 Transware | 1 Active\! Mail | 2013-04-04 | 1.9 LOW | N/A |
| TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | |||||
| CVE-2010-3913 | 1 Transware | 1 Active\! Mail | 2010-11-08 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||