34 matches found
Command Execution Vulnerability in TurboMail
TurboMail is an e-mail server system developed by Guangzhou Topo Software Technology Co., Ltd. for the communication needs of enterprises and institutions. TurboMail has a command execution vulnerability. Attackers can use the vulnerability to remotely execute commands to obtain server privilege...
SQL Injection Vulnerability in TurboMail
TurboMail is an e-mail server system developed by Guangzhou Topo Software Technology Co., Ltd. for the communication needs of enterprises and institutions. TurboMail has a SQL injection vulnerability that attackers can use to obtain sensitive information...
Code Execution Vulnerability in TurboMail
TurboMail is an e-mail server system developed by Guangzhou Topo Software Technology Co., Ltd. for the communication needs of enterprises and public institutions. TurboMail has a code execution vulnerability that an attacker can use to obtain control of the web server...
Turbomail email system domain parameter has SQL injection vulnerability
TurboMail email system is an email server system developed for the communication needs of enterprises and institutions. A SQL injection vulnerability exists in the domain parameter of the Turbomail mail system due to the system's failure to strictly filter the parameters entered by the user. An...
Multiple vulnerabilities in turbomail
TurboMail email system is an email server system developed for the communication needs of enterprises and institutions. TurboMail has a user mailbox leakage vulnerability, a login brute-force vulnerability, a login verification code bypass, and an ordinary-user privilege injection vulnerability, if...
Turbomail turbomail.web.ViewFile filename parameter arbitrary file read vulnerability
No description provided by source...
Arbitrary File Download Vulnerability in Latest Version of TurboMail Mail
TurboMail mail system is an e-mail server system developed for the communication needs of enterprises and institutions. The system kernel is developed in C language, which is rigorous and safe and has excellent development. The latest version of TurboMail Mail has an arbitrary file download...
Arbitrary File Download Vulnerability in Latest Version of TurboMail Mail
TurboMail email system is an email server system developed for the communication needs of enterprises and institutions. The latest version of TurboMail Mail has an arbitrary file download vulnerability. An attacker can exploit the vulnerability to download arbitrary files and leak sensitive...
TurboMail XML entity injection vulnerability
No description provided by source...
Unauthorized Access and Brute Force Breach Vulnerability in TurboMail Mail Server System
TurboMail email system is an email server system developed for the communication needs of enterprises and institutions. TurboMail Email Server System has unauthorized access and brute force vulnerabilities that allow attackers to exploit the vulnerabilities for unauthorized access, which can be...
Turbomail bookmark.jsp bookmarkselect parameter SQL injection
No description provided by source...
Multiple SQL injection vulnerabilities in TurboMail BulletinAjax.java and other locations
No description provided by source...
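TurboGate mail gateway vulnerability collection
Brief description: Another product from Topo Software, with a fairly large user base. Details: TurboGate is essentially an early version of TurboMail, and TurboGate incorporates a large number of the vulnerabilities that appeared in TurboMail. Only the vulnerabilities that can be exploited without logging in are listed here; the vendor can audit itself against the TurboMail vulnerabilities. 1. http://.../bugs/wooyun-2016-0167905 TurboGate uses axis2%remote; $alpharand g00dPa$$w0rD $alpharand 1 1 https://images.seebug.org/upload/201603/052322256...
TurboMail design flaws and default configuration lead to mail information disclosure / privilege escape / SQL injection
Brief description: A triple hit; the official website is affected. Details: After installation, TurboMail has several applications that open ports to listen for data. One of them, called TurboStore, is the core component used to store mail information. TurboStore opens port 9668. Its configuration in /conf/server.xml is as follows: TRUE 15 30 30 60 admin YWRtaW4zMjE=3D all 9668 FALSE As shown above, TurboStore requires a login, and the default username and password are admin/admin321 respectively. Logging in with telnet looks like this: telnet ... 9668 login admin admin321 quit img...
A stored XSS in the Turbomail mail system
Brief description: The Turbomail mail system has several stored XSS vulnerabilities. Details: The Turbomail mail system has several XSS vulnerabilities, which can be used to obtain customers' mailbox cookies. Vulnerability 1: A simple bypass of the attachment name filter yields XSS, triggered when the message is opened. Test code: Construct an image attachment named he"onerror=alertdocument.domain.jpg, send the message, and open it. To demonstrate generality, it was tested in several different mailbox versions, with screenshots as follows: One version requires forwarding the message to trigger: Vulnerability 2: Some versions have an XSS vulnerability in the sender nickname, triggered when the message is opened and the mouse passes over the sender area, at which point the sender area turns yellow:...
A stored XSS in the Turbomail mail system
Brief description: The Turbomail mail system has a stored XSS vulnerability. Details: The Turbomail mail system has an XSS vulnerability, which can be used to obtain customers' mailbox cookies. See WooYun: Coremail mail body stored XSS vulnerability (browser attack technique). Vulnerability test code: Vulnerability test environment: Google browser. The effect is shown in figures 1 and 2; to demonstrate generality, mailboxes on two different domains were chosen for testing: Figure 2: Proof of vulnerability: The Turbomail mail system has an XSS vulnerability, which can be used to obtain customers' mailbox cookies. See WooYun: Coremail mail body stored XSS vulnerability (browser attack technique). Vulnerability test code:...
TurboMail 6.0.0 /nicknamelogin.jsp login bypass vulnerability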
No description provided by source...
TurboMail <=6.0.0 /mailmain arbitrary file download vulnerability
No description provided by source...
TurboMail <=6.0.0 /mailmain cross-site scripting vulnerability
No description provided by source.
#!/usr/bin/env python
# coding: utf-8
import re
import random
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
class TestPOC(POCBase):
    vulID = '1709'  # vul ID
    version = '1'
    author = 'lixin'
    vulDate = '2014-05-15'...
TurboMail /mailmain weak password vulnerability
No description provided by source.
#!/usr/bin/env python
# coding: utf-8
import re
import random
import threading
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
class MyThread(threading.Thread):
    def __init__(self, func, args, name=''):...