SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

MailBee WebMail Pro - Cross Site Scripting Issue


Arrow  SecurityAlert : 2572
Arrow  CVE : CVE-2007-2061
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : David Vieira-Kurz
Arrow  Published : 19.04.2007

Arrow  Affected Software : MailBee WebMail Pro 3.4



Arrow  Advisory Content :  

[MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting
Issue

Details
=======
Product: MailBee WebMail Pro 3.4
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.afterlogic.com
Vendor-Status: informed
Advisory-Status: published

Credits
============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
============
http://www.majorsecurity.de/index_2.php?major_rls=major_rls44

Introduction
============
"MailBee WebMail Pro is a web based mail client built as a set of ASP
scripts." [from http://www.afterlogic.com]

More Details
============
Cross Site Scripting:
Input passed directly to the "username" parameter in "check_login.asp" is
not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

Example:
/check_login.asp?email=>"><script>alert(15031988)</script>

Workaround
=============
Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "htmlentities()" php-function
to ensure that html tags
are not going to be executed.

Example:
$email = htmlspecialchars($_POST['email']);
$test = htmlentities($_GET('test'));
?>

History/Timeline
================
05.04.2007 discovery of the vulnerability
06.04.2007 additional tests with other versions
08.04.2007 contacted the vendor
09.04.2007 vendor confirmed the bugs
13.04.2007 advisory is written
13.04.2007 advisory released

MajorSecurity
=======
MajorSecurity is a non-profit German penetration testing and security
research project
which consists of only one person at the present time.
http://www.majorsecurity.de/




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass
Copyright © SecurityReason.com. All Rights Reserved.