Lucene search
K

5 matches found

seebug.org
seebug.org
added 2014/10/22 12:0 a.m.28 views

winmail邮件系统存储型跨站

简要描述: winmail最近刚刚升级为最新版本,但系统存在一处XSS漏洞,利用该漏洞,我们可以盗取任意用户邮件内容和COOKIE信息,以及进行一些其他恶意操作。 详细说明: 1、涉及版本:Winmail Mail Server5.5 2、winmail邮件系统对发件人字段进行了过滤,但是在回复邮件时,系统会重新读取发件人,系统重新读取后,并没有对发件人字段进行过滤,导致存储型XSS的触发。 3、系统演示站点:http://demo.magicwinmail.com:6080/ 漏洞证明: 1、登录系统--》配置箱--》使用偏好,将发件人名字改为...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Winmail Mail Server 2.3 - Remote Format String Exploit

No description provided by source...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.11 views

Winmail Mail Server Information Disclosure

Three scripts that come with the installed Winmail Server chgpwd.php, domain.php and user.php allow a remote attacker to disclose sensitive information about the remote host. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are...

7.1AI score
Exploits0References3
0day.today
0day.today
added 2003/06/11 12:0 a.m.29 views

Winmail Mail Server 2.3 Remote Format String Exploit

Exploit for unknown platform in category remote exploits ==================================================== Winmail Mail Server 2.3 Remote Format String Exploit ==================================================== / Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by Threa...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/11 12:0 a.m.46 views

Winmail Mail Server 2.3 Build 0402 - Remote Format String

/ Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by ThreaT. This one take advantage of a format bug in the SMTP protocol smtp port + The command to execute cannot exceed 90 characters + compile : cl.exe mwmxploit.c /w / include include pragma comment lib,"wsock32.lib" void...

7.4AI score
Exploits0
Rows per page
Query Builder