78 matches found
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
The remote host is running MailWatch for MailScanner, a web-based front-end to MailScanner written in PHP. The version of MailWatch for MailScanner installed on the remote host fails to sanitize user-supplied input to the 'doc' parameter of the 'docs.php' script before using it to include PHP cod...
mailwatch 1.0.4 - 'doc' Local File Inclusion
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl mailwatch \n"; echo " \n"; echo " \n"; echo " Documentation\n"; echo " This page does not require authentication, so you can put...
mailwatch 1.0.4 - doc Local File Inclusion
mailwatch 1.0.4 - doc Local File Inclusion :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl mailwatch \n"; echo " \n"; echo " \n"; echo " Documentation\n"; echo " This page does no...
CVE-2002-2228
CVE-2002-2228 affects MailScanner prior to 4.0 5-1 and prior to 3.2 6-1. The vulnerability allows remote attackers to bypass protection by crafting attachments whose filenames contain (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that MailScanner cannot...
CVE-2002-2228
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with 1 extra leading spaces, 2 extra trailing spaces, or 3 alternate character encodings that cannot be processed by MailScanner...
CVE-2005-3471
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files...
CVE-2005-3470
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands...
CVE-2005-3470
MailWatch authenticate() Function SQL Injection (CVE-2005-3470) affects MailWatch for MailScanner 1.0.2. The Nessus entry notes the authentication() function in functions.php fails to sanitize inputs, enabling remote SQL injection to bypass authentication and gain administrative access. This is a...
CVE-2005-3471
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files...
CVE-2005-3470
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands...
CVE-2005-3471
CVE-2005-3471 describes a directory traversal vulnerability in the ruleset view of MailWatch for MailScanner 1.0.2, allowing remote attackers to access arbitrary files. The vulnerability stems from improper validation in the ruleset view, enabling an attacker to traverse the file system. The affe...
[SA16491] MailWatch for MailScanner XML-RPC PHP Code Execution
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SA15947] MailWatch for MailScanner XML-RPC PHP Code Execution
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
XML-RPC for PHP Remote Code Injection Vulnerability
Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...
CVE-2005-1706
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection...
CVE-2005-1706
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection...
CVE-2005-1706
MailScanner 4.41.3 and earlier is affected by an unspecified vulnerability described as “incomplete reporting of viruses in zip files,” which could allow remote attackers to bypass virus detection. The Red Hat and CVE records corroborate the same description. No concrete exploit details, impact s...
CVE-2002-2228
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with 1 extra leading spaces, 2 extra trailing spaces, or 3 alternate character encodings that cannot be processed by MailScanner...