Every CVE whose affected-product data names Neosys Neon Webmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2006-4951 — CVSS 7.5 (high): Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file…
CVE-2006-4952 — CVSS 7.5 (high): The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between…
CVE-2006-4953 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via…
CVE-2006-4954 — CVSS 7.5 (high): The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify…
CVE-2006-4956 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject…
CVE-2006-4955 — CVSS 5.0 (medium): Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read…