[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [vuln.sg] Neon WebMail for Java Multiple Vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [vuln.sg] Neon WebMail for Java Multiple Vulnerabilities
From: TAN Chew Keong <vulnpost-remove@xxxxxxx>
Date: Wed, 20 Sep 2006 21:49:00 +0800

[vuln.sg] Vulnerability Research Advisory

Neon WebMail for Java Multiple Vulnerabilities

by Tan Chew Keong
Release Date: 2006-09-20

Summary
-------
7 vulnerabilities have been found in Neon WebMail for Java. When
exploited, these vulnerabilities allow executing of arbitrary JSP code,
escalation of user's privileges, manipulating of user's emails and user
account information, disclosure of files on the server, and potentially
cause a DoS via large CPU resource utilisation by the MySQL server.

Tested Versions
---------------
Neon WebMail for Java version 5.06 and 5.07 (build.200607050)

Details
-------
http://vuln.sg/neonmail506-en.html
http://vuln.sg/neonmail506-jp.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] PowerPoint issue fixed in MS06-012/CVE2006-009
Next by Date: [Full-disclosure] Live is live
Previous by thread: [Full-disclosure] PowerPoint issue fixed in MS06-012/CVE2006-009
Next by thread: [Full-disclosure] Live is live
Index(es):
- Date
- Thread