Test ID: 1.3.6.1.4.1.25623.1.0.800388
Category: Web application abuses
Title: IceWarp Merak Mail Server < 9.4.2 Multiple Vulnerabilities
Summary: IceWarp Merak Mail Server is prone to multiple vulnerabilities.
Description:
Summary:
IceWarp Merak Mail Server is prone to multiple vulnerabilities.

Vulnerability Insight:
- An error in the cleanHTML function in server/inc/tools.php, related to the email view
and incorrect processing of HTML filtering.

- An error in the getHTML function in server/inc/rss/item.php, related to the title, link, or
description element of an RSS feed.

- An error in the search form in server/webmail.php in the Groupware component, via the 'sql' and
'order_by' elements of an XML search query.

- An error in the Forgot Password implementation in server/webmail.php, via CRLF sequences preceding
a Reply-To header in the subject element of an XML document.

Vulnerability Impact:
Successful attacks will allow attackers to inject arbitrary web script or HTML code, via a
specially crafted email, into a user's browser session in the context of the affected site.

Affected Software/OS:
IceWarp Merak Mail Server prior to version 9.4.2.

Solution:
Update to version 9.4.2 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-1467
BugTraq ID: 34825
http://www.securityfocus.com/bid/34825
Bugtraq: 20090505 [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View (Google Search)
http://www.securityfocus.com/archive/1/503225/100/0/threaded
Bugtraq: 20090505 [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader (Google Search)
http://www.securityfocus.com/archive/1/503229/100/0/threaded
http://www.redteam-pentesting.de/advisories/rt-sa-2009-001
http://www.redteam-pentesting.de/advisories/rt-sa-2009-002
http://osvdb.org/54226
http://osvdb.org/54227
http://www.securitytracker.com/id?1022167
http://www.securitytracker.com/id?1022168
http://www.vupen.com/english/advisories/2009/1253
XForce ISS Database: merak-webmail-xss(50331)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50331
Common Vulnerability Exposure (CVE) ID: CVE-2009-1468
BugTraq ID: 34820
http://www.securityfocus.com/bid/34820
Bugtraq: 20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component (Google Search)
http://www.securityfocus.com/archive/1/503226/100/0/threaded
http://www.redteam-pentesting.de/advisories/rt-sa-2009-003
http://osvdb.org/54228
http://www.securitytracker.com/id?1022169
Common Vulnerability Exposure (CVE) ID: CVE-2009-1469
BugTraq ID: 34827
http://www.securityfocus.com/bid/34827
Bugtraq: 20090505 [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content (Google Search)
http://www.securityfocus.com/archive/1/503227/100/0/threaded
http://www.redteam-pentesting.de/advisories/rt-sa-2009-004
http://osvdb.org/54229
http://www.securitytracker.com/id?1022166
XForce ISS Database: merak-forgot-password-header-injection(50332)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50332
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.