273 matches found
Horde <= 3.0.9 3.1.0 (Help Viewer) Remote Code Execution (metasploit)
No description provided by source. Title: Horde = 3.0.9, 3.1.0 Help Viewer Remote PHP Code Execution Vulnerability Name: hordehelpmodule.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module...
Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution (Metasploit)
Title: Horde package Msf::Exploit::hordehelpmodule; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = ; my $info = 'Name' = 'Horde help viewer module remote PHP code execution', 'Version' = '$Revision: 1.0 $', 'Authors' = 'inkubus ' , 'Arch' = , 'OS' = , 'Priv' = 0,...
SquirrelMail Web mail Change Passwd plugin buffer overflow
Buffer overflow on parsing command line arguments...
xinnet. com China new network Web Mail system has a serious vulnerability-a vulnerability warning-the black bar safety net
Long time no Post garbage come up, this also is not prepared to contribute, to the octal friend. First good luck to all octal friends a Happy New Year. Everyone knows China's famous New cafe, new network virtual host in a stable and secure known. Business users very much, I also bought a new...
CVE-2005-4556
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...
CVE-2005-4559
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the defaultlayout and layoutsettings variables when an unrecognized HTTPUSERAGENT string is provided, which allows remote attackers to acce...
CVE-2005-4557
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte %00 in the lang parameter, possibly due to a directory traversal vulnerability...
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...
CVE-2005-4556
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...
CVE-2005-4557
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte %00 in the lang parameter, possibly due to a directory traversal vulnerability...
CVE-2005-4558
CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...
CVE-2005-4557
CVE-2005-4557 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue is a remote inclusion vulnerability: an attacker can cause the system to include arbitrary local files via a null byte (%00) in the lang parameter, likely due to a ...
CVE-2005-4556
CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...
CVE-2005-4559
CVE-2005-4559 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue lies in mail/include.html where default_layout and layout_settings are not properly initialized when an unrecognized HTTP_USER_AGENT is sent. This allows remote att...
Multiple Merak Mail Server / Icewarp Web Mail vulnerabilities
Unauthorized access, crossite scripting, unauthorized files deletion, information leak...
Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - . This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...
MerakXSS.txt
ShineShadow Security Report 30092005-06 TITLE: Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1. BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting- edge Merak Mail Server Instant Antispam and much more, is the fastest,...
CVE-2005-3132
MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlistinc.html, which reveals the path in an error message...
CVE-2005-3131
Multiple cross-site scripting XSS vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to blank.html, or the createdataCX parameter to 2 calendard.html, 3...