CVE-2005-4558
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/26983no verificadoexploitdbwww.exploit-db.com/exploits/26982no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://marc.info/?l=full-disclosure&m=113570229524828&w=2http://secunia.com/advisories/17046http://secunia.com/advisories/17865http://secunia.com/secunia_research/2005-62/advisory/http://securitytracker.com/id?1015412https://exchange.xforce.ibmcloud.com/vulnerabilities/23904http://www.osvdb.org/22080http://www.osvdb.org/22081http://www.securityfocus.com/archive/1/420255/100/0/threadedhttp://www.securityfocus.com/bid/16069