Vulnerability Under PostMaster Ver 3.16.1
| Дата публикации: | 15.11.2003 |
| Всего просмотров: | 909 |
| Опасность: | |
| Наличие исправления: | |
| Количество уязвимостей: | 1 |
| CVE ID: | Нет данных |
| Вектор эксплуатации: | |
| Воздействие: | |
| CWE ID: | Нет данных |
| Наличие эксплоита: | Нет данных |
| Уязвимые продукты: | |
| Описание: | This is a multi-part message in MIME format. --------------070008000608010009030207 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi , ------------------------------------------------------------------------ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard <http://antispam.yahoo.com/whatsnewfree> --------------070008000608010009030207 Content-Type: text/plain; name="PostMaster.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="PostMaster.txt" 14/11/03 ==================================== GSSIT - Global Security Solution IT ==================================== ------------------------------------------------------- Application: PostMaster Web Site: http://www.woppoware.com.au/ Versions: 3.16.1 Platform: Windows Bug : C.S.S Credits: ######## ######################################### # == Ziv Kamir == # # # # GSSIT - Global Security Solution IT # # # # Email : gss_it@yahoo.com # # # # # ######################################### --------------------- 1) Introduction 2) Bug 3) The Code 4) Fix ================ 1) Introduction ================ PostMaster is a combined Mail & Proxy Server, ideally suited to small business or home users. ======= 2) Bug ======= PostMaster Proxy Server suffer from C.S.S (Cross Site Scripting). =========== 3) The Code =========== http://localhost:8000/<script>alert('CSS')</script> ====== 4) Fix ====== Date of Vendor Notification: 13/11/03 Status: |