[<prev] [next>] [day] [month] [year] [list]
Message-ID: <451146CC.1060106@vuln.sg>
Date: Wed, 20 Sep 2006 21:49:00 +0800
From: TAN Chew Keong <vulnpost-remove@...n.sg>
To: full-disclosure@...ts.grok.org.uk
Subject: [vuln.sg] Neon WebMail for Java Multiple
Vulnerabilities
[vuln.sg] Vulnerability Research Advisory
Neon WebMail for Java Multiple Vulnerabilities
by Tan Chew Keong
Release Date: 2006-09-20
Summary
-------
7 vulnerabilities have been found in Neon WebMail for Java. When
exploited, these vulnerabilities allow executing of arbitrary JSP code,
escalation of user's privileges, manipulating of user's emails and user
account information, disclosure of files on the server, and potentially
cause a DoS via large CPU resource utilisation by the MySQL server.
Tested Versions
---------------
Neon WebMail for Java version 5.06 and 5.07 (build.200607050)
Details
-------
http://vuln.sg/neonmail506-en.html
http://vuln.sg/neonmail506-jp.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists