多个Merak Mail Server Webmail 漏洞

多个Merak Mail Server Webmail 漏洞

漏洞ID 1108058 漏洞类型 设计错误
发布时间 2004-07-17 更新时间 2005-10-20
图片[1]-多个Merak Mail Server Webmail 漏洞-安全小百科CVE编号 CVE-2004-1720
图片[2]-多个Merak Mail Server Webmail 漏洞-安全小百科CNNVD-ID CNNVD-200408-136
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/24381
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-136
|漏洞详情
MerakMailServer5.2.7版本中(1)address.html和可能的(2)calendar.html页面存在漏洞。远程攻击者可以通过无效的HTTP请求获取敏感信息,该漏洞泄露了安装路径。注意:目前还不清楚calendar.html是否泄露,因为仅仅在提供给通过合法手段获得路径的管理员的web日志中被泄露,
|漏洞EXP
source: http://www.securityfocus.com/bid/10966/info
    
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
    
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
    
These vulnerabilities are reported to exist in versions prior to 7.5.2.

/address.html?id=
|参考资料

来源:XF
名称:merak-address-calendar-path-disclosure(17027)
链接:http://xforce.iss.net/xforce/xfdb/17027
来源:BID
名称:10966
链接:http://www.securityfocus.com/bid/10966
来源:OSVDB
名称:9043
链接:http://www.osvdb.org/9043
来源:SECUNIA
名称:12269
链接:http://secunia.com/advisories/12269
来源:packetstormsecurity.nl
链接:http://packetstormsecurity.nl/0408-exploits/merak527.txt
来源:BUGTRAQ
名称:20040817VulnerabilitiesinMerakWebmailServer
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109279057326044&w;=2
来源:SECTRACK
名称:1010969
链接:http://securitytracker.com/id?1010969

相关推荐: WvDial Insecure Default Permissions Vulnerability

WvDial Insecure Default Permissions Vulnerability 漏洞ID 1103032 漏洞类型 Configuration Error 发布时间 2001-08-01 更新时间 2001-08-01 CVE编号 N/A …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享