MidnightBSD

Advisories for transware

CVE-2002-0950 HIGH

Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
transware active_mail 1.422
transware active_mail 2.0
CVE-2010-3913 MEDIUM

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
transware active!_mail *
CVE-2013-2302 LOW

TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
transware active!_mail 6.0