CVE-2006-4954
The CVE relates to the updateuser servlet in Neon WebMail for Java prior to 5.08, which does not validate the in_id parameter. This vulnerability allows remote attackers to modify information of arbitrary users (e.g., passwords, permissions, profile settings, and creating/deleting users). The iss...