39 matches found
EUVD-2006-4937
Malware in sbrugna...
EUVD-2006-4941
Malware in sbrugna...
EUVD-2006-4938
Malware in sbrugna...
EUVD-2006-4939
Malware in sbrugna...
EUVD-2006-4942
Malware in sbrugna...
NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet in_name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
NeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet Arbitrary Mail Message Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet in_id Variable Arbitrary User Information Modification
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
NeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an...
CVE-2006-4956
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field...
CVE-2006-4953
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adrsortkey and (2) adrsortkeydesc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkeydesc parameters in the (b) maillist servlet...
CVE-2006-4954
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users...
CVE-2006-4951
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename...
CVE-2006-4952
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter...
CVE-2006-4955
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters...
CVE-2006-4953
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adrsortkey and (2) adrsortkeydesc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkeydesc parameters in the (b) maillist servlet...
CVE-2006-4956
Neon WebMail for Java before 5.08 has a cross-site scripting (XSS) vulnerability in the updateuser servlet. The in_name parameter used for the Name field can be exploited to inject arbitrary script/HTML when the page is rendered. The flaw is documented under CVE-2006-4956 with consistent vendor r...
CVE-2006-4952
The CVE-2006-4952 entry concerns Neon WebMail for Java (pre-5.08) where the updatemail servlet allows remote attackers to move e-mail messages of arbitrary users between folders. The vulnerability is triggered via the ID parameter alongside folderid and tofolderid, enabling unauthorized relocatio...