| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <007d01c333ea$0c15e070$3501a8c0@noamlp> From: bugtraq at securiteam.com (SecurITeam BugTraq Monitoring) Subject: Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal) Summary: Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffeed from multiple vulnerabilities that range from access to files that reside outside the bounding HTML root directory (through dnying access to the server by causing the server to utilize a high CPU percentage) through decryption of locally stored password, to a cross site scripting vulnerability in the web mail interface. Vulnerable version: * Mailtraq version 2.1.0.1302 Immune version: * Mailtraq version 2.3.2.1419 For the complete advisory see: http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html Thanks SecurITeam http://www.SecurITeam.com http://www.BeyondSecurity.com
Powered by blists - more mailing lists