4209 matches found
Дырки в mailman webmail
Классические дырки perl CGI при работе с файлами...
SRADV00005.txt
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
Endymion MailMan 3.0.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open function. Attackers can control the way...
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
The version of MailMan Webmail on the remote web server has an arbitrary command execution vulnerability. Input to the 'ALTERNATETEMPLATES' parameter of mmstdod.cgi is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the system. %NASLMINLEVEL 70300 C...
Дырка в WhoWhere Webmail (comm.lycos.com, angelfire.com, eudoramail.com)
Можно угадать имя файла с вложением на сервере...
PostACI Webmail Vulnerability
The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
Trlinux Postaci Webmail 1.1.3 - Password Disclosure source: https://www.securityfocus.com/bid/2029/info Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database...
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
source: https://www.securityfocus.com/bid/2029/info Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database. Webmail stores database username and password...
Дырка в TWIG webmail
Используя ошибку в проверке агрументов можно загрузить и выполнить собственный php3-скрипт...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...
CVE-2000-0507
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command...
CVE-2000-0552
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...
CVE-2000-0507
CVE-2000-0507 concerns Imate Webmail Server 2.5. A remote attacker can cause a denial of service by sending a HELO command with an extremely long argument, potentially crashing/shutting down the SMTP service (network exploit, no auth required; availability impact). The vulnerability stems from ha...
(SRADV00003) Arbitrary file disclosure through IMP
================================================= Secure Reality Pty Ltd. Security Advisory 3 SRADV00003 http://www.securereality.com.au ================================================= Title Arbitrary file disclosure through IMP Released 12/09/2000 Vulnerable Most all? versions of IMP 2.2.1...
horde.txt
Date: Fri, 8 Sep 2000 17:03:36 +0200 Sender: Bugtraq List From: "Winter, Christian" Subject: horde library bug - unchecked from-address To: [email protected] Hi, this bug we discovered recently. HORDE 1.2.0 $from-bug and how to exploit with IMP 2.2.0 Disclaimer: This is intended as a pape...
horde library bug - unchecked from-address
Hi, this bug we discovered recently. HORDE 1.2.0 $from-bug and how to exploit with IMP 2.2.0 Disclaimer: This is intended as a paper for sysadmins who want to secure their systems. It is NOT a how to for scriptkiddies to run any attack on a IMP-using site. The authors of this text will not be hel...
Web Application Security Survey
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. disclaimer The opinions, ideas and information expressed in the following text are my...
DoS против WebMail
Переполнение буфера в SMTP-команде HELO. В CMail - переполнение буфера при длинном имени пользователя в веб-интерфейсе порт 8002...
CVE-2000-0507
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command...
DST2K0006: Denial of Service Possibility in Imate WebMail Server v2.5
========================================================================== ====== Delphis Consulting Plc ========================================================================== ====== Security Team Advisories 26/05/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers...