Emumail EMU Webmail多个漏洞

Emumail EMU Webmail多个漏洞

漏洞ID 1107783 漏洞类型 输入验证
发布时间 2004-03-12 更新时间 2005-10-20
图片[1]-Emumail EMU Webmail多个漏洞-安全小百科CVE编号 CVE-2004-2385
图片[2]-Emumail EMU Webmail多个漏洞-安全小百科CNNVD-ID CNNVD-200412-564
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23809
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-564
|漏洞详情
EMUWebmail5.2.7版本存在漏洞。远程攻击者可以借助init.emu的HTTP请求获得敏感路径信息(主目录)。
|漏洞EXP
source: http://www.securityfocus.com/bid/9861/info

Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script.

EMU Webmail 5.2.7 has been reported to be affected by these issues.

http://www.example.com/webmail/init.emu
|参考资料

来源:XF
名称:emu-init-path-disclosure(15453)
链接:http://xforce.iss.net/xforce/xfdb/15453
来源:BID
名称:9861
链接:http://www.securityfocus.com/bid/9861
来源:OSVDB
名称:4203
链接:http://www.osvdb.org/4203
来源:SECUNIA
名称:11110
链接:http://secunia.com/advisories/11110
来源:members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/emu/emu.txt

相关推荐: Website Baker Arbitrary File Upload Vulnerability

Website Baker Arbitrary File Upload Vulnerability 漏洞ID 1096252 漏洞类型 Input Validation Error 发布时间 2005-07-28 更新时间 2005-07-28 CVE编号 N…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享