Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14347
HistorySep 20, 2006 - 12:00 a.m.

[Full-disclosure] [vuln.sg] Neon WebMail for Java Multiple Vulnerabilities

2006-09-2000:00:00
vulners.com
10
JSON

[vuln.sg] Vulnerability Research Advisory

Neon WebMail for Java Multiple Vulnerabilities

by Tan Chew Keong
Release Date: 2006-09-20

Summary

7 vulnerabilities have been found in Neon WebMail for Java. When
exploited, these vulnerabilities allow executing of arbitrary JSP code,
escalation of user's privileges, manipulating of user's emails and user
account information, disclosure of files on the server, and potentially
cause a DoS via large CPU resource utilisation by the MySQL server.

Tested Versions

Neon WebMail for Java version 5.06 and 5.07 (build.200607050)

Details

http://vuln.sg/neonmail506-en.html
http://vuln.sg/neonmail506-jp.html

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON