86 matches found
Coremail 邮件系统存储型 XSS
简要描述: 设计疏忽导致可执行恶意 JavaScript 代码。 详细说明: 我原以为和 WooYun: Coremail邮件系统存储型XSS之二 这里是同一种文件漏洞,问过之后,了解到不是同一个。 本漏洞是直接预览 SVG 图片附件,会触发 SVG 内部脚本。新版本 Coremail “除了部分格式的图片和PDF”,不知道有没有修复这个问题,姑且发出来吧。 如图,用户预览附件即会触发 XSS。 (不嫌麻烦的话可以配合之前获取 sid/mid 的漏洞,在正文内插入链接、跳转到附件 SVG 的预览地址,作为伪装。) 漏洞证明:...
Anymacro Mail System 6 /share.php SQL注入漏洞
No description provided by source...
U-Mail邮件系统获取指定账户权限(任意用户明文密码查询)
简要描述: 可获取该系统指定用户权限,最近看发这套的人挺多的,不知道我这个你们觉得鸡肋不 详细说明: u-mail取回密码处设计不当,导致任意用户密码可越权查看,当update=s时,可查看任意账户密码 http://mail.xxx.com/webmail/[email protected]&update=s 直接查看指定邮箱账户密码 接下来想做什么都可以了。 谷歌: Powered by U-Mail 邮件服务器 官网Demo:...
Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net
Author: yaoxi original source http://blog.wangzhan.360.cn/ Recently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named“heart bleed”vulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to htt...
By the LFI caused by the Zimbra mail management system of 0day-vulnerability warning-the black bar safety net
Zimbra is a company with a lot of the mail system, may relate to many of the company's internal confidential, it is extremely important. This is a few days ago on exploit-db. com on the issue to the 0day to: it. By a local file inclusion vulnerability can be seen localconfig. xml content, and thi...
Eyou Mail System Remote Code Execution
Hi! The Eyou Mail System have a Remote Code Execution in \inc\fuction.php.It affects version below 3.6. The Vulnerability fuction is getloginipconfigfile in \inc\fuction.php. function getloginipconfigfile$domain, $file $dir = '/var/eyou/Domain/'; $dirmail = exec'/var/eyou/sbin/hashid '.$domain;...
MagicMail Mike g & e-mail system XSS and absolute path vulnerability-vulnerability warning-the black bar safety net
This morning in the Black Box testing of the local education network of the time to find a mail system vulnerability Comprising a reflectiveXSS as well as the absolute path to the leak Looked at looks like all is linux. Keywords: Mike g & e-mail system by MagicMail ! You can see a lot of governme...
Fedora Update for cyrus-imapd FEDORA-2011-13832
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Fedora Update for cyrus-imapd FEDORA-2011-13832 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
[SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update
--------------------------------------------------------------------------- Debian Security Advisory DSA-2377-1 [email protected] http://www.debian.org/security/ Nico Golde Jan 1st, 2012 http://www.debian.org/security/faq -...
DSA-2377-1 cyrus-imapd-2.2 - denial of service
Bulletin has no description...
[SECURITY] Fedora 16 Update: cyrus-imapd-2.4.12-1.fc16
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
[SECURITY] Fedora 15 Update: cyrus-imapd-2.4.12-1.fc15
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
CVE-2011-1334
Cross-site scripting XSS vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...
Fedora Update for cyrus-imapd FEDORA-2011-7217
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Fedora Update for cyrus-imapd FEDORA-2011-7217 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
CVE-2011-2468
Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...
Directory traversal
Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...
CVE-2011-2468
CVE-2011-2468 describes a directory traversal vulnerability in the web interface of AnyMacro Mail System G4X. The issue allows remote attackers to read arbitrary files via directory traversal sequences in a request. Information across connected sources confirms the affected product and the vulner...
CVE-2011-2468
Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request...