7 matches found
EUVD-2007-0615
Malware in sbrugna...
Code injection
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the 1 AddSenderToWhitelist and 2 AddDomainToWhitelist functions...
CVE-2007-0617
The CVE-2007-0617 entry involves Earthlink TotalAccess’s SpamBlocker.dll ActiveX control, which is labeled “safe for scripting.” This misclassification enables a remote attacker to modify the spam‑blocker whitelist by invoking AddSenderToWhitelist or AddDomainToWhitelist, allowing arbitrary addre...
Earthlink TotalAccess AtciveX protection bypass
It's possible to manage sender and domain whitelists...
[Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
Title: ------------------- Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability Vendor Contacted: ------------------- now-ish. Background Info: ------------------- Earthlink TotalAccess Download Site: http://www.earthlink.net/software/free/totalaccess/highspeed/ Description:...