Message-ID: <s27je05kaj1sj8bk4ifltqk6tfp4gu4u1t@4ax.com>
Date: Mon, 05 Jul 2004 20:28:16 +0200
From: Roman Medina-Heigl Hernandez <roman@...labs.com>
To: full-disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org
Subject: RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Hello,

  On 29.May.2004, I disclosed an important XSS vulnerability in the latest
versions of a well-known webmail: SquirrelMail. Upon publication I
received notice that other important webmails were also vulnerable
to the same bug. Indeed, the same exploits released for SquirrelMail
worked without any changes in these systems. I decided to contact
several other webmail vendors and ask them directly to check their software
and confirm or deny the vulnerability.

  The purpose of this brief advisory is to provide you with the
collected info in an objective and summarized way.

  PS: Sorry for the big delay.

 Saludos,
 --Roman

- --
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQOmPneR/in3q1WdCEQKHUQCfaNoy7mu+g0AKsK9LFiwVyT5zXJEAoIzW
h0imdE0FayaQLIFBiX47hpHW
=9k38
-----END PGP SIGNATURE-----


View attachment "RS-Labs-Advisory-2004-2.txt" of type "text/plain" (6625 bytes)
