7 matches found
SmarterMail Email正文HTML注入漏洞
Bugtraq ID:64970 SmarterMail是一款邮件服务程序。 SmarterMail不正确过滤Email正文数据,允许远程攻击者利用漏洞构建恶意邮件,诱使用户解析,当恶意数据被查看时可获取敏感信息或者劫持用户会话。 0 SmarterMail 11.x 目前没有详细解决方案提供: http://www.smartertools.com/smartermail/mail-server-software.aspx ?php / Exploit Title: SmarterMail Enterprise and Standard =11.x Stored XSS Google...
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting
Click Me, Please...\r\n NOTE: javascript html char encode = then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run...
SmarterMail 11.x Cross Site Scripting
Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run the exploit in the phpmailer...
Hupa Webmail 0.0.2 Stored XSS
Exploit for java platform in category web applications !/usr/bin/python ''' Exploit Title: Hupa Webmail Stored XSS Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://james.apache.org/hupa/ Software Link:...
Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting
!/usr/bin/python ''' Exploit Title: Roundcube Webmail Stored XSS. Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://roundcube.net Software Link: http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/roundcubemail-0.8.0.tar.gz/download Version: 0.8.0...
CVE-2012-2573
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-2590
Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...