Xato Security Advisory XATO-122000-01 - The majority of the command-line SMTP mailers available for Win32-based systems are vulnerable when used to send mail from a web server. The vulnerabilities found allow remote web users to read and/or write to the servers file system, retrieve files from the server's file system as mail attachments, bounce and/or spoof e-mail messages, spam, flood, mail bomb, or otherwise use a server's resources without authorization, bounce off a server to perform port scans, bounce off a server to perform brute-force attacks to POP and/or SMTP accounts, reroute all the mail through an untrusted mail server by changing mailer options, and launch dos attacks against the server or other systems. Vulnerable mailers include BatMail v1.8d, Blat v1.85h, CGIMail v2.5, CLEMAIL v1.3, Comments v1.7, FormVar v1.61, GBMail v2.02, MailForm v1.96, MailMe! v1.6, MailPost v5.1, MailSend v7.15, MailSend v3.18, NetFormDD v2.9, Postie v6, SendFile v1.0, Stalkerlab's Mailers V1.2, WindMail v3.05, WebMailer Pro v1.2, WebMailer Lite v1.2, and wSendmail v1.5.
5778b64953305f37414121c27758dc5965bc40da638cb84c38fd43be55ea05a4Xato Security Advisory XATO-112000-01 - The Cart32 shopping cart v3.5 and below for Windows contains multiple remote vulnerabilities. Common user misconfigurations and bad password encryption make the application more vulnerable, often allowing a full compromise of the server.
1b68205e70ca4e4f88bcbe2c595d4abb3e3d2bc69c1f1a4b3a2ee611cee2a60cRemote vulnerabilies in the popular free email software Outblaze
5df78eeac0f105290b292936d7e3625d27b887b8dc7cbd37aa936f63bb2db1d7If you have installed Microsoft Office 2000 or keep current on your Windows Updates, you may have noticed a new WebFolders namespace in Windows Explorer. The fun part is that WebFolders have some significant weaknesses (inherited from FrontPage) and are such a new concept that it turns out they make a great entry point into a remote server.
01adda0b5af462be99d4d8071315e8516891937780a27b461c6b4e7ab4d80727
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed