2 matches found
CVE-2006-4953
Neon WebMail for Java before 5.08 is affected by multiple SQL injection vulnerabilities. The issues enable remote attackers to execute arbitrary SQL commands via parameters in two servlets: (1) addrlist (adr_sortkey and adr_sortkey_desc) and (2) maillist (sortkey and sortkey_desc). Root cause is ...
NeoSys Neon Webmail for Java 5.065.07 - maillist Servlet Multiple SQL Injections
NeoSys Neon Webmail for Java 5.065.07 - maillist Servlet Multiple SQL Injections source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-uplo...