exploits , vulnerabilities , articles , IceWarp Web Mail Session ID Disclosure Vulnerability

Title	IceWarp Web Mail Session ID Disclosure Vulnerability
Published	2002-02-09-12:00AM
Updated	2004-12-31-09:24PM
Class	Design Error
CVE	CAN-2002-0258
Remote	Yes
Local	No
Credit	Discovery of this vulnerability is credited to H?seyin Uslu <raistlinthewiz@hotmail.com>.
Vulnerable	IceWarp Web Mail 3.1.4 IceWarp Web Mail 1.40.10 IceWarp Web Mail 1.40 .00
Not Vulnerable	IceWarp Web Mail 3.3.1
Code	No exploit is required. The following example demonstrates how a malicious user may access another user's account provided they have acquired a valid session ID: http://www.example.com/view.html?id=[acquired ID]
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-11-26 ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
• 2009-11-26 America Online ICQ ActiveX Control Remote Code Execution Vulnerability
• 2009-11-26 Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
• 2009-11-25 Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
• 2009-11-25 XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
• 2009-11-25 Subscribe to Comments Prior to 2.1 Multiple Unspecified Cross Site Scripting Vulnerabilities
• 2009-11-25 Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
• 2009-11-24 Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
• 2009-11-24 RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
• 2009-11-24 Cacti Multiple HTML Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Mon, 30 Nov 2009 07:57:19 +0000