GCVE - cpe:2.3:a:atmail:atmail_open:*:*:open-source:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atmail:atmail_open:*:*:open-source:*:*:*:*:*

part: a version: * update: *

Vendor	Atmail (`f3faa2b7-dbb1-5d22-a5dd-fec1b3085bc2`)
Product	Atmail Open (`d49e3570-ab32-53e9-84e1-2af07aac01bf`)
Edition	open-source
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/bigbluehat/atmailopen`	purl2cpe	2026-06-01 10:13:20.580460
`pkg:sourceforge/atmailopen`	purl2cpe	2026-06-01 10:13:20.580462

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-1920`	vulnerable	2026-06-08 05:00:51.426407	Details available @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. Published: 2012-03-27T19:00:00.000Z Updated: 2024-08-06T19:17:27.089Z Open on db.gcve.eu Reference links http://en.securitylab.ru/lab/PT-2011-48 https://exchange.xforce.ibmcloud.com/vulnerabilities/74282 http://www.kb.cert.org/vuls/id/743555 http://secunia.com/advisories/47012	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1919`	vulnerable	2026-06-08 05:00:51.426113	Details available CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter. Published: 2012-03-27T19:00:00.000Z Updated: 2024-08-06T19:17:26.898Z Open on db.gcve.eu Reference links http://en.securitylab.ru/lab/PT-2011-48 http://atmail.org/download/atmailopen.tgz http://www.kb.cert.org/vuls/id/743555 http://secunia.com/advisories/47012	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1918`	vulnerable	2026-06-08 05:00:51.425805	Details available Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter. Published: 2012-03-27T19:00:00.000Z Updated: 2024-08-06T19:17:27.263Z Open on db.gcve.eu Reference links http://en.securitylab.ru/lab/PT-2011-48 http://atmail.org/download/atmailopen.tgz https://exchange.xforce.ibmcloud.com/vulnerabilities/74504 http://www.kb.cert.org/vuls/id/743555 http://secunia.com/advisories/47012	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1917`	vulnerable	2026-06-08 05:00:51.425465	Details available compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence. Published: 2012-03-27T19:00:00.000Z Updated: 2024-08-06T19:17:27.278Z Open on db.gcve.eu Reference links http://en.securitylab.ru/lab/PT-2011-48 http://atmail.org/download/atmailopen.tgz http://www.kb.cert.org/vuls/id/743555 http://secunia.com/advisories/47012	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1916`	vulnerable	2026-06-08 05:00:51.425039	Details available @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/. Published: 2012-03-27T19:00:00.000Z Updated: 2024-08-06T19:17:27.038Z Open on db.gcve.eu Reference links http://en.securitylab.ru/lab/PT-2011-48 http://atmail.org/download/atmailopen.tgz http://www.kb.cert.org/vuls/id/743555 http://secunia.com/advisories/47012	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.