7 vulnerabilities have been found in Neon WebMail for Java. When exploited, these vulnerabilities allow executing of arbitrary JSP code, escalation of user's privileges, manipulating of user's emails and user account information, disclosure of files on the server, and potentially cause a DoS via large CPU resource utilization by the MySQL server.
1ac3a24def980205e93b5bcbe227fa92f6bb8e0f9c1647d320df1e93dd18e582[vuln.sg] Vulnerability Research Advisory
Neon WebMail for Java Multiple Vulnerabilities
by Tan Chew Keong
Release Date: 2006-09-20
Summary
-------
7 vulnerabilities have been found in Neon WebMail for Java. When
exploited, these vulnerabilities allow executing of arbitrary JSP code,
escalation of user's privileges, manipulating of user's emails and user
account information, disclosure of files on the server, and potentially
cause a DoS via large CPU resource utilisation by the MySQL server.
Tested Versions
---------------
Neon WebMail for Java version 5.06 and 5.07 (build.200607050)
Details
-------
http://vuln.sg/neonmail506-en.html
http://vuln.sg/neonmail506-jp.html
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed