Secunia Security Advisory - Gemma Hughes has reported some vulnerabilities in MailPost, which can be exploited by malicious people to disclose some system information and conduct cross-site scripting attacks.
----------------------------------------------------------------------
Monitor, Filter, and Manage Security Information
- Filtering and Management of Secunia advisories
- Overview, documentation, and detailed reports
- Alerting via email and SMS
Request Trial:
https://ca.secunia.com/?f=l
----------------------------------------------------------------------
TITLE:
MailPost Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA13093
VERIFY ADVISORY:
http://secunia.com/advisories/13093/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting, Exposure of system information
WHERE:
From remote
SOFTWARE:
MailPost 5.x
http://secunia.com/product/4212/
DESCRIPTION:
Gemma Hughes has reported some vulnerabilities in MailPost, which can
be exploited by malicious people to disclose some system information
and conduct cross-site scripting attacks.
1) An input validation error in "mailpost.exe" can be exploited to
determine whether a given local file exists by supplying directory
traversal sequences in a parameter and examining the error output,
which differs depending on whether the file was found.
2) An improper behaviour in "mailpost.exe" can be exploited to
disclose some system information by supplying a specially crafted
"*debug*" parameter.
3) Some input passed to "mailpost.exe", both in the query string and
in the path information following the executable name, isn't properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of a vulnerable site.
Examples:
http://[victim]/scripts/mailpost.exe?*debug*=''&append=[code]
http://[victim]/scripts/mailpost.exe/[code]/mail.txt
The vulnerabilities have been reported in version 5.1.1. Other
versions may also be affected.
SOLUTION:
Filter malicious characters and character sequences in a proxy or
firewall with URL filtering capabilities. Such filters must match
against the decoded request, as the payloads in the examples above can
be submitted percent-encoded, and should cover both the query string
and the path following "mailpost.exe".
Use another product.
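The following is an added example for this page, not code from Secunia or from the MailPost vendor. It shows one way to implement the URL filtering suggested above, and to check web-server access logs for the three request shapes described in items 1 to 3: a "*debug*" parameter, traversal sequences, and HTML or script markup in the query string or in the path information after "mailpost.exe". The log lines, the NCSA Common Log Format layout, the finding names and the decoding depth are all assumptions made for the example.

```python
"""Scan access-log lines for requests to mailpost.exe that carry the
request shapes described in Secunia SA13093: a "*debug*" parameter,
"../" or "..\\" traversal sequences, or HTML/script markup in the query
string or in the CGI path info following the executable name.
Added example for this page, not code from Secunia or from the MailPost
vendor; the log lines, field layout and finding names are constructed."""

import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in NCSA Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2004:10:01:02 +0000] "GET /scripts/mailpost.exe?*debug*=''&append=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512
192.0.2.11 - - [12/Nov/2004:10:01:07 +0000] "GET /scripts/mailpost.exe/%3Cscript%3Ealert(document.cookie)%3C/script%3E/mail.txt HTTP/1.1" 200 318
192.0.2.12 - - [12/Nov/2004:10:02:13 +0000] "GET /scripts/mailpost.exe?append=..%5C..%5C..%5Cboot.ini HTTP/1.1" 500 120
192.0.2.13 - - [12/Nov/2004:10:03:45 +0000] "POST /scripts/mailpost.exe HTTP/1.1" 302 0
192.0.2.14 - - [12/Nov/2004:10:04:01 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# "../" or "..\" anywhere in a decoded value (MailPost runs on Windows,
# so backslash traversal matters as much as forward slash).
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
# Any opening/closing tag, a javascript: URL, or an on*= event handler.
MARKUP_RE = re.compile(r'<\s*/?\s*\w+|javascript:|\bon\w+\s*=', re.IGNORECASE)


def decode(value, passes=2):
    """URL-decode up to `passes` times so double-encoded payloads
    (%253C -> %3C -> <) are seen in their final form. Two passes is an
    assumed limit, enough for the common double-encoding evasion."""
    for _ in range(passes):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return the sorted list of finding names for one request target
    (path plus query). An empty list means nothing matched or the
    request is not for mailpost.exe at all."""
    parts = urlsplit(target)
    path = decode(parts.path)
    marker = path.lower().find('mailpost.exe')
    if marker == -1:
        return []
    # Everything after the executable name is CGI PATH_INFO; the second
    # advisory example places the payload there instead of in the query.
    path_info = path[marker + len('mailpost.exe'):]
    params = parse_qsl(parts.query, keep_blank_values=True)
    values = [decode(v) for _, v in params]   # parse_qsl decoded once already
    suspicious = [path_info] + values

    findings = set()
    if any(k.lower() == '*debug*' for k, _ in params):
        findings.add('debug-parameter')
    if any(TRAVERSAL_RE.search(s) for s in suspicious):
        findings.add('traversal')
    if any(MARKUP_RE.search(s) for s in suspicious):
        findings.add('markup-injection')
    return sorted(findings)


def scan_log(text):
    """Parse CLF lines and return (ip, status, target, findings) for
    every mailpost.exe request that triggered at least one finding.
    Lines that do not parse are skipped rather than raising."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_request(m['target'])
        if findings:
            hits.append((m['ip'], m['status'], m['target'], findings))
    return hits


if __name__ == '__main__':
    for ip, status, target, findings in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {', '.join(findings)}  {target}")
```

The same `classify_request` logic can sit in a proxy's URL filter to reject matching requests, but note that pattern matching of this kind is a stopgap that reduces rather than removes exposure; a 500 response to a traversal request, as in the third constructed line, is itself the file-existence side channel described in item 1, so the application, not only the proxy, has to stop echoing the error.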
PROVIDED AND/OR DISCOVERED BY:
Gemma Hughes
ORIGINAL ADVISORY:
http://www.procheckup.com/security_info/vuln_pr0408.html
http://www.procheckup.com/security_info/vuln_pr0409.html
http://www.procheckup.com/security_info/vuln_pr0410.html
http://www.procheckup.com/security_info/vuln_pr0411.html
OTHER REFERENCES:
US-CERT VU#596046:
http://www.kb.cert.org/vuls/id/596046
US-CERT VU#107998:
http://www.kb.cert.org/vuls/id/107998
US-CERT VU#306086:
http://www.kb.cert.org/vuls/id/306086
US-CERT VU#858726:
http://www.kb.cert.org/vuls/id/858726
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------