Vulnerabilities > CVE-2006-4953 - Unspecified vulnerability in Neosys Neon Webmail 5.06/5.07

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
neosys
exploit available
NVD
Published: 2006-09-23
Updated: 2024-11-21

Summary

Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.

Vulnerable Configurations

Part Description Count
Application
Neosys
2

Exploit-Db

  • descriptionNeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection. CVE-2006-4953. Webapps exploit for jsp platform
    idEDB-ID:28607
    last seen2016-02-03
    modified2006-09-20
    published2006-09-20
    reporterTan Chew Keong
    sourcehttps://www.exploit-db.com/download/28607/
    titleNeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection
  • descriptionNeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection. CVE-2006-4953. Webapps exploit for jsp platform
    idEDB-ID:28608
    last seen2016-02-03
    modified2006-09-20
    published2006-09-20
    reporterTan Chew Keong
    sourcehttps://www.exploit-db.com/download/28608/
    titleNeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection

References