Showing 1 - 1 of 1

CVE-2009-1469

Status Candidate

Overview

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.

Related Files

IceWarp WebMail Mail Forgery: Posted May 5, 2009; Site redteam-pentesting.de; RedTeam Pentesting discovered that the emails sent by the IceWarp WebMail Server when using the "Forgot Password" function are generated on the client side. Version 9.4.1 is affected.; tags | exploit; advisories | CVE-2009-1469; SHA-256 | 1ec12dfa5d7cbbe58e8577e45b16fe8b37ed0601c0e2780e3e8c2965ca0e8826; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 260 files
Ubuntu 93 files
indoushka 64 files
Jasper Nota 25 files
Gentoo 20 files
Willem Westerhof 19 files
Debian 16 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,090)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,729)
UNIX (9,433)
UnixWare (187)
Windows (6,670)
Other

CVE-2009-1469

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems