20 matches found
EUVD-2006-2139
Malware in sbrugna...
EUVD-2006-0543
Malware in sbrugna...
EUVD-2006-0718
Malware in sbrugna...
NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
CVE-2006-2138
Cross-site scripting XSS vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2006-2138
CVE-2006-2138 describes a cross-site scripting (XSS) vulnerability in NeoMail 1.29, specifically in neomail.pl, that allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. The issue is triggered in NeoMail’s web interface and can lead to user-side script execu...
CVE-2006-2138
Cross-site scripting XSS vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
Neomail.pl Local Cross Site Scripting
Aria-Security.net Advisory Discovered by: O.u.t.l.a.w www.Aria-security.net Gr33t to: A.u.r.a & R@1D3N & Smok3r ----------------------------------------------------------- Software: Neomail WebMail Link: http://neomail.sourceforge.net/ Attack method: Cross Site Scripting...
NeoMail - NeoMail.pl?sessionid Cross-Site Scripting
NeoMail - NeoMail.pl?sessionid Cross-Site Scripting source: https://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to hav...
NeoMail - 'NeoMail.pl?sessionid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...
NeoMail neomail.pl sort Parameter XSS
The remote host is running NeoMail, an open source webmail application written in Perl. The installed version of this software fails to validate the 'sort' parameter in the 'neomail.pl' script before using it to generate dynamic content. An attacker may be able to exploit this issue to inject...
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
The remote host is running NeoMail, an open source webmail application written in Perl. The installed version of this software fails to validate the 'sessionid' parameter in the 'neomail-prefs.pl' script as a valid session identifier. An unauthenticated attacker may be able to exploit this issue ...
CVE-2006-0711
The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...
Design/Logic Flaw
The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...
CVE-2006-0711
The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...
CVE-2006-0711
NeoMail 1.28’s neomail-prefs.pl lacks validation of the sessionid in addfolder/deletefolder, allowing an unauthenticated attacker to create or delete arbitrary mail-folder files. Exploitation requires homedirfolders and homedirspools both set to no; files are manipulated subject to the process' g...
CVE-2006-0536
NeoMail 1.27 is affected by a cross-site scripting (XSS) flaw in neomail.pl where the sort parameter is not validated before use, allowing remote attackers to inject arbitrary HTML/JavaScript into a user’s browser and potentially steal session cookies or compromise accounts. The vulnerability is ...
neomailXSS.txt
Title: Neomail Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Discovered: 24 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Webmail Perl Client Vendor: neomail / www.neocodesolutions.com Vulnerability: Cross Site Scripting / Cookie-The...
[Full-disclosure] Neomail Cross Site Scripting Vulnerability
Title: Neomail Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk simoatmorxorg Discovered: 24 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Webmail Perl Client Vendor: neomail / www.neocodesolutions.com Vulnerability: Cross Site Scriptin...