lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031129140846Z648794-4779+2@kps1.test.onet.pl> Date: Sat, 29 Nov 2003 15:08:39 +0100 From: datasink@...pl To: bugtraq@...urityfocus.com Subject: Pieterpost - access to "vitual" account Hello bugtraq readers and writers ! name: PieterPost 0.10.6 homepage: http://todsah.nihilist.nl/index.php?p=Development/Projects/Pieterpost about: "PieterPost is a webbased interface to a pop3 mailbox. It is designed to be both small and easy to use" what: entering url http://server.com/pp.php?action=login anyone can get access to "virtual" account. I don't think that can be a big vuln, but at this moment anyone can send spam from such server and fake e-mail's. This work only with default configuration (localhost as pop3 server) and weak MTA agent - posible to change From header sending from localhost.
Powered by blists - more mailing lists