54 matches found
EUVD-2008-4911
Malware in sbrugna...
XSS Vulnerability in U-Mail Mail Server Software of Shenzhen Fuqia Technology Co.
U-Mail mail server software is a first-line brand in China that provides free lifetime upgrades of the mail system. The U-Mail mail server software of Shenzhen Fuqia Technology Co., Ltd has an XSS vulnerability; attackers can use the vulnerability to obtain sensitive information such as user cookies...
SQL Injection Vulnerability in U-Mail Mail Server Software
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has an SQL injection vulnerability; attackers can use the...
Command Execution Vulnerability in U-Mail Mail Server Software
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has a command execution vulnerability that can be exploited by...
SQL Injection Vulnerability in U-Mail Mail Server Software (CNVD-2020-26500)
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades of the mail system, including data upgrades of the mail system, antivirus engine, anti-spam engine, etc. U-Mail mail server software is the first-tier brand that really provides lifetime free...
SQL Injection Vulnerability in U-Mail Mail Server Software (CNVD-2020-26501)
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has an SQL injection vulnerability; attackers can use the...
SQL Injection Vulnerability in U-Mail Mail Server Software (CNVD-2020-26499)
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has an SQL injection vulnerability; attackers can use the...
SQL Injection Vulnerability in U-Mail Mail Server Software (CNVD-2020-26502)
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has an SQL injection vulnerability; attackers can use the...
U-Mail V9.8.57 /fast/default/operates.php Arbitrary User Login and Injection Vulnerability
No description provided by source...
U-mail Mail System File Upload Vulnerability
U-mail is a mail service system. A file upload vulnerability exists in U-Mail for Windows V9.8.57. The vulnerability allows attackers to upload backdoor files and gain server privileges...
U-Mail Mail System Arbitrary File Inclusion Vulnerability
U-mail is a mail service system. The U-Mail mail system suffers from an arbitrary file inclusion vulnerability, which allows an attacker to exploit the vulnerability to download and view arbitrary files and obtain sensitive server information...
U-Mail mail system bulk getshell (truly unlimited, no general account) - the vulnerability warning - the black bar safety net
The mail system has an arbitrary user login flaw and an injection flaw, which allow unlimited getshell (getshell process only takes three simple. Mad Dog, this is not struck by lightning while waiting to be burst chrysanthemum. Detailed description: 1. Mail System Description 1 Official...
U-Mail V9.8.57 /client/pab/module/o_contact.php SQL Injection Vulnerability
No description provided by source...
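U-Mail Mail System Second-Order Injection 3 (not a trivial one; the administrator password can be obtained)
Brief description: Second-order injection vulnerability in the U-Mail mail system; the administrator password can be obtained directly. Details: Version: latest version v9.8.57. Vulnerable file: /client/oab/module/operates.php. Code: if ACTION == "save-to-pab" includeonce LIBPATH."PAB.php" ; $PAB = PAB::getinstance ; $maillistid = gss $GET'maillist' ; if $maillistid $memberall = $Maillist-getMemberByMaillistID $maillistid,...
U-Mail V9.8.54 /WorldClient/html/client/mail/module/o_mail.php Arbitrary File Download Vulnerability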
No description provided by source...
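U-Mail Mail System Injection (a case of SQL Injections in MySQL LIMIT clause)
Brief description: SQL Injections in MySQL LIMIT clause; this mail system happens to have a flaw at exactly this point, so here is a case to demonstrate it. The administrator password can be obtained through the injection. Details: The cause of the vulnerability is that the limit in the SQL statement is user-controllable and is handled improperly, which leads to SQL injection. Vulnerable file: /client/oab/module/operates.php. Code: if ACTION == "member-get" $deptid = gss $GET'deptid' ; $deptid = intval $deptid ;//this variable is not passed in here $keyword = gss $GET'keyword' ; $pa...
U-Mail Mail System Arbitrary User Login Vulnerability
Brief description: Not much more to say; this mail system simply has too many problems, which is really distressing. Details: Vulnerable file: /fast/option/module/opassword.php. Code: if ACTION == "question" $url = "/webmail/fast/option/index.php?module=view&action=password"; $where = "UserID='".$userid."'"; $data = array "question" = gss $POST'question' , "answer" = gss $POST'answer' ; $result =...
U-Mail Mail System Second-Order Injection (not a trivial one; the administrator password can be obtained directly)
Brief description: Don't cry, U-Mail. Also, wooyun-2010-093049 has been updated with an exp that requires no login and can getshell in bulk; I tested it casually and easily got several hundred shells in bulk. It is very serious; I hope the moderators review it quickly. Details: Vulnerable file: /client/oabshare/module/operates.php. Code: if ACTION == "save-to-pab" includeonce LIBPATH."PAB.php" ; $PAB = PAB::getinstance ; $maillistid = gss $GET'maillist' ; $maillistid = intval...
A Vulnerability in a U-Mail Mail System Interface (SQL injection, arbitrary user login, obtaining the administrator password)
Brief description: For a mail system with this many users, being getshelled within minutes is a real headache. Details: 1. Mail system introduction 1) Official download address: http://www.comingchina.com/html/downloads/ 2) Version: latest version V9.8.57 3) Test environment: Windows Server 2003 + IIS6.0 + official default software 4) Usage cases: http://www.comingchina.com/html/case/ OR Google "Powered by U-Mail" Vulnerable code. Download of 600+ URLs attached. Link: http://pan.baidu.com/s/1nQRzo Password:...
U-Mail v9.8.57 /getpass.php Information Disclosure Vulnerability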
No description provided by source...