MailDwarf Multiple Input Validation Vulnerabilities

Bugtraq ID:	23207
Class:	Input Validation Error
CVE:	CVE-2007-1803 CVE-2007-1802
Remote:	Yes
Local:	No
Published:	Mar 30 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	JVN reported these vulnerabilities.
Vulnerable:	MailDwarf MailDwarf 3.01
Not Vulnerable:	MailDwarf MailDwarf 3.10

MailDwarf Multiple Input Validation Vulnerabilities

MailDwarf is prone to multiple input-validation vulnerabilities.

An attacker can exploit these issues to send mass amounts of unsolicited emails (spam), steal cookie-based authentication credentials, and perform other attacks.

MailDwarf 3.01 is vulnerable to these issues; other versions may also be vulnerable.

MailDwarf Multiple Input Validation Vulnerabilities

An attacker can exploit the mass-emailing vulnerability through a browser. For the cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.

MailDwarf Multiple Input Validation Vulnerabilities

Solution:
The vendor has released an update to address these issues. Contact the vendor for details on obtaining and applying the appropriate updates.


MailDwarf MailDwarf 3.01

• MailDwarf maildwarf310_up.lzh
  http://htmldwarf.hanameiro.net/mail/maildwarf310_up.lzh

MailDwarf Multiple Input Validation Vulnerabilities

References:

• JVN#08951968 (JVN)
  
• JVN#40511721 (JVN)
  
• Vendor Homepage (MailDwarf)