汇总 inter7 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 缓冲区溢出、拒绝服务、跨站脚本与SQL 注入 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2007-0558 | PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. | [email protected] | 7.5 | 3.92% | 2007-01-30 | 2026-04-23 |
| CVE-2006-2346 | vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. | [email protected] | 7.5 | 1.16% | 2006-05-12 | 2026-04-16 |
| CVE-2006-1141 | Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | [email protected] | 7.5 | 4.87% | 2006-03-10 | 2026-04-16 |
| CVE-2005-2820 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". | [email protected] | 4.3 | 0.65% | 2005-09-07 | 2026-04-16 |
| CVE-2005-2769 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. | [email protected] | 4.3 | 10.95% | 2005-09-02 | 2026-04-16 |
| CVE-2005-2724 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. | [email protected] | 4.3 | 0.80% | 2005-08-30 | 2026-04-16 |
| CVE-2005-1308 | SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. | [email protected] | 7.5 | 2.94% | 2005-04-15 | 2026-04-16 |
| CVE-2004-2313 | Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. | [email protected] | 5.0 | 0.35% | 2004-12-31 | 2026-04-16 |
| CVE-2004-0777 | Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. | [email protected] | 7.5 | 15.92% | 2004-10-20 | 2026-04-16 |
| CVE-2004-0591 | Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. | [email protected] | 6.8 | 13.91% | 2004-08-06 | 2026-04-16 |
| CVE-2004-0224 | Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | [email protected] | 7.5 | 3.69% | 2004-04-15 | 2026-04-16 |
| CVE-2002-1414 | Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. | [email protected] | 4.6 | 0.47% | 2003-04-11 | 2026-04-16 |
| CVE-2003-0040 | SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. | [email protected] | 7.5 | 0.49% | 2003-02-19 | 2026-04-16 |
| CVE-2001-0990 | Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | [email protected] | 4.6 | 0.07% | 2001-09-04 | 2026-04-16 |
| CVE-2000-0583 | vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. | [email protected] | 5.0 | 0.74% | 2000-06-30 | 2026-04-16 |
| CVE-2000-0091 | Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. | [email protected] | 10.0 | 2.49% | 2000-01-21 | 2026-04-16 |