21 matches found
EUVD-2004-1495
Malware in sbrugna...
webmail2.mnsi.net Cross Site Scripting vulnerability OBB-4034253
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Multiple Denial of Service Vulnerabilities in Zarafa WebAccess and WebApp
Zarafa is a commercial collaborative software solution that provides email and webmail services, address book, calendar, notes, tasks and more. Multiple denial-of-service vulnerabilities exist in Zarafa WebAccess and WebApp, which could allow an attacker to crash the affected application, resulti...
MIT Open Redirect
URL Open Redirect on WEBMAIL of Massachusetts Institute of Technology Risk: Low CWE number: CWE-601 Date: 11/11/2014 Author: Felipe "Renzi" Gabriel Contact: [email protected] Tested on Linux Ubuntu 14.04; Mozilla Firefox 33.0 Vulnerable File: go.php Exploit: +...
Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit
No description provided by source. Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3. By B-r00t. In response to the Kerio Mailserver vulnerabilities discovered by David F.Madrid. Although this exploit requires valid...
Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)
No description provided by source. On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a...
Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)
Exploit for windows platform in category web applications On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a use...
Ability Mail Server 2013 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)
On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a password of victim 5. Finish...
Microsoft Outlook Web Access Crafted POST Request Elevation of Privilege (CVE-2010-3213)
Outlook Web Access (OWA) is a webmail service of Microsoft Exchange Server 5.0 and later. The web interface of OWA resembles the interface in Microsoft Outlook. An elevation of privilege vulnerability was reported in Microsoft Outlook Web Access. The vulnerability is due to an error in Outlook Web...
Kryogeniks Indicted for Comcast Hack
Three alleged members of the hacker gang Kryogeniks were hit with a federal conspiracy charge for a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers. Prosecutors identified Christopher Allen Lewis, 19, and James Robert Black Jr., 20, as the hackers “EBK” and “Defiant,...
Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)
"cgi-fcgi" die"Launch from the merak php console!"; if !functionexists"icewarpapiobjectcall" die"You need the icewarp extension loaded!"; $shellcode= //original scode, alpha2 esp sh.txt "\xeb\x13\x5b\x31\xc0\x50\x31\xc0\x88\x43\x4a\x53". "\xbb\x0d\x25\x86\x7c". //WinExec, kernel32.dll XP SP3...
Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC)
Icewarp Merak Mail Server 9.4.1 - Base64FileEncode Buffer Overflow PoC "cgi-fcgi" die"Launch from the merak php console!"; if !functionexists"icewarpapiobjectcall" die"You need the icewarp extension loaded!"; $shellcode= //original scode, alpha2 esp sh.txt...
Microsoft Outlook Web Access HTML Validation Cross Site Scripting (MS08-039; CVE-2008-2248)
Outlook Web Access (OWA) is a webmail service of Microsoft Exchange Server 5.0 and later. The web interface of OWA resembles the interface in Microsoft Outlook. A cross-site scripting vulnerability has been detected in Outlook Web Access. The vulnerability is a result of OWA incorrectly parsing HTM...
hotmailmsnxss.txt
Hotmail/MSN Cross Site Scripting Exploit Author: Simo64 Contact: simo64atmorxdotorg Discovered: 07/25/2006 Published: 08/10/2006 Vendor: MSN.com Service: Hotmail.com Webmail Service Vulnerability: Cross Site Scripting Cookie-Theft Severity: Medium/High Tested on: IE 6.0 designed for firefox 1.5 a...
[SA15038] netMailshar Professional Two Vulnerabilities
TITLE: netMailshar Professional Two Vulnerabilities SECUNIA...
CVE-2004-1501
The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data...
CVE-2004-1501
The CVE-2004-1501 entry concerns the webmail service in Lan Suite 602, versions 2004.0.04.0909 and earlier. The vulnerability allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value and then disconnecting ...
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities
SIG^2 Vulnerability Research Advisory Magic Winmail Server v4.0 Multiple Vulnerabilities by Tan Chew Keong Release Date: 27 Jan 2005 ADVISORY URL http://www.security.org.sg/vuln/magicwinmail40.html SUMMARY Magic Winmail Server http://www.magicwinmail.net/ is an enterprise class mail server softwa...
CVE-2004-2495
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service...