MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
BID:30700
Info
| Bugtraq ID: | 30700 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3727 CVE-2008-3728 CVE-2008-3729 CVE-2008-3726 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2008 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Oliver Karow |
| Vulnerable: | MicroWorld Technologies MailScan 5.6.a espatch1 |
| Not Vulnerable: | |
Discussion
MailScan is prone to multiple remote vulnerabilities:
- A directory-traversal vulnerability
- An authentication-bypass vulnerability
- A cross-site scripting vulnerability
- An information-disclosure vulnerability
An attacker can exploit these issues to obtain sensitive information, gain unauthorized access to the affected application, execute arbitrary script code within the context of the website, and steal cookie-based authentication credentials. Other attacks are also possible.
MailScan 5.6.a espatch1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.
The following exploit and proofs of concept are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Vendor Homepage (MicroWorld Technologies)
- MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface ('oliver karow')