Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

SmarterMail Email正文HTML注入漏洞

Bugtraq ID:64970 SmarterMail是一款邮件服务程序。 SmarterMail不正确过滤Email正文数据，允许远程攻击者利用漏洞构建恶意邮件，诱使用户解析，当恶意数据被查看时可获取敏感信息或者劫持用户会话。 0 SmarterMail 11.x 目前没有详细解决方案提供： http://www.smartertools.com/smartermail/mail-server-software.aspx ?php / Exploit Title: SmarterMail Enterprise and Standard =11.x Stored XSS Google...

SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting

Click Me, Please...\r\n NOTE: javascript html char encode = then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run...

SmarterMail 11.x Cross Site Scripting

Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run the exploit in the phpmailer...

Hupa Webmail 0.0.2 Stored XSS

Exploit for java platform in category web applications !/usr/bin/python ''' Exploit Title: Hupa Webmail Stored XSS Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://james.apache.org/hupa/ Software Link:...

Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting

!/usr/bin/python ''' Exploit Title: Roundcube Webmail Stored XSS. Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://roundcube.net Software Link: http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/roundcubemail-0.8.0.tar.gz/download Version: 0.8.0...

CVE-2012-2573

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

Hexamail Server 4.4.5 - Persistent Cross-Site Scripting

Hexamail Server 4.4.5 - Persistent Cross-Site Scripting Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o...

Hexamail Server 4.4.5 - Persistent Cross-Site Scripting

Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com Vendor time...

Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Exploit for windows platform in category web applications Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; email protected:/ Send email to the victim: email protected:/ sendemail -f email protected -t email protected -xu email protected \ -xp...

CVE-2002-1271

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx...

CVE-2002-1271

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx...

DEBIAN-CVE-2002-1271

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx...