The Google generic TLD and ccTLD suffer from an open redirection vulnerability.
2efe35fa05f198a9263df0eeaaff4d6930be6f1b639a8d847a7ef850f3ddfac4
Boxcryptor.com suffered from a cross site scripting vulnerability.
aab48458247a4d57f3545b2250a6b9478315321df0e69c78e7b61de5f2d118d3
Atmail WebMail version 7.0.2 suffers from multiple cross site scripting vulnerabilities.
23b2b53a8d67a1e32d07fc9e6327ecca13eddf018a35f4a70313e79d7dc615ec
Project'Or RIA version 3.4.0 suffers from a remote SQL injection vulnerability.
994b42a23c4f6da7f39c572a3975c13a575414930eac772b4f02905a50d8c355
Project'Or RIA version 3.4.0 suffers from multiple cross site scripting vulnerabilities.
4939ebe50ee1824f871a19246958da91b44eab3ea21fdd422e8494f230995c9a
Atmail WebMail versions 7.0.2 and below suffer from a reflective cross site scripting vulnerability.
ff5341ba2491f38ee1944030bf777bbf3463e21753cdd0caff3312068641c1b0
LinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.
c5b139a72bbd7b02ada9279c197de33ad532f99e9aef4a08b3dc7dd686b75a16
Oracle AS Portal 10g version 10.1.2 suffers from cross site scripting vulnerabilities.
01be71d80b7fe81294b6d74a1e6891d5fdc895d42564fa1b40b6c153a2cb4167
Atmail Webmail suffers from a cross site scripting vulnerability. Versions prior to 6.2.0 are affected.
cb6f90aa2c4b5814e7f1cc5ff1519d4fa832cced07f124d15e44fbe5111fb627
Tuenti.com suffers from an insecure direct object reference vulnerability allowing anyone to read arbitrary blog posts.
6f39659cdbc856ac25c93f23092ab2733e4e5ea90e0c2c8f02eb97c48177fd45
Google's GMail service is vulnerable to cross site request forgery vulnerabilities.
5e81bd372f765d1aa6e08bbb3574bc02f3fffd59eb60cdad2600347d27ff9d55
The Oracle Reports Web Cartridge (RWCGI60) is susceptible to cross site scripting vulnerabilities.
abb9e38652c696f842002f0085e4b520d7499222cd79a15df00e7c482b217a87
The Web Application Security Consortium is proud to present 'MX Injection: Capturing and Exploiting Hidden Mail Servers'. This article discusses how an attacker can inject additional commands into an online web mail application communicating with an IMAP/SMTP server.
94bd8b84698e67eb59003ab5d105584a50366e226a59e7e88a6db217ff2cff30
Improper command and information validation transmitted by Hastymail to the mail servers during the normal use of this application facilitates that an authenticated malicious user could inject arbitrary IMAP/SMTP commands into the mail servers used by Hastymail across parameters used by the webmail front-end in its communication with these mail servers. This vulnerability has been found in development version 1.5 and stable version 1.0.2.
a3e1f1a44710237610d3100801340ec499b4ad76630080fc5ed1b6ef649d4782
ISMail version 2.0 is vulnerable to a cross site scripting attack.
c0a92aa12c829c1e72c2441655b5e46a090475e777aaa52e446e0739ca20c876
SquirrelMail versions 1.4.5 and below suffer from an IMAP injection flaw. Versions 1.2.7 and below suffer from a SMTP injection flaw. Details provided.
14cc0b04e833bc5ee62ab6fe916d63fc4a302e2b75777de081e7a43462ff2d3f