Vicente Aguilera Diaz

7 exploits Active since Oct 2006
CVE-2013-6164 EXPLOITDB text WORKING POC
projeqtor 3.4.0 - SQL Injection via objectId Parameter
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
CVE-2006-6364 EXPLOITDB text WRITEUP
Inside Systems Mail <= 2.0 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2006-5262 EXPLOITDB text WORKING POC
Hastymail < 1.5 - Authenticated IMAP Command Injection via CRLF in Mailbox Name
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
CVE-2013-6229 EXPLOITDB text WRITEUP
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
CVE-2013-6229 EXPLOITDB text WRITEUP
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
CVE-2013-6229 EXPLOITDB text WRITEUP
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
CVE-2010-4930 EXPLOITDB text WORKING POC
atmail webmail < 6.1.9 - Cross-Site Scripting via MailType Parameter
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.