Vulnerabilities > CVE-2005-3692 - Unspecified vulnerability in Amax Information Technologies Magic Winmail Server 4.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | WINMAIL_42B0824.NASL |
description | The remote host is running Winmail Server, a commercial mail server for Windows from AMAX Information Technologies. The web interface that is used by Winmail Server for reading mail and administering the server fails to sanitize user-supplied input to various parameters and scripts. Beyond the usual cross-site scripting attacks, this can also be leveraged by an unauthenticated attacker to overwrite arbitrary files on the affected system, which could compromise the system |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20227 |
published | 2005-11-20 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20227 |
title | Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/133374/winmailserver42-xss.txt |
id | PACKETSTORM:133374 |
last seen | 2016-12-05 |
published | 2015-08-30 |
reporter | Jing Wang |
source | https://packetstormsecurity.com/files/133374/Winmail-Server-4.2-Cross-Site-Scripting.html |
title | Winmail Server 4.2 Cross Site Scripting |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html
- http://secunia.com/advisories/16665
- http://secunia.com/advisories/16665
- http://secunia.com/secunia_research/2005-58/advisory/
- http://secunia.com/secunia_research/2005-58/advisory/
- http://www.osvdb.org/20926
- http://www.osvdb.org/20926
- http://www.osvdb.org/20927
- http://www.osvdb.org/20927
- http://www.osvdb.org/20928
- http://www.osvdb.org/20928
- http://www.securityfocus.com/bid/15493
- http://www.securityfocus.com/bid/15493
- http://www.vupen.com/english/advisories/2005/2485
- http://www.vupen.com/english/advisories/2005/2485