CVE-2006-4953 - Input Validation vulnerability in Neosys Neon Webmail 5.06/5.07

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
low complexity
neosys
exploit available

Summary

Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.

Vulnerable Configurations

Part         Description  Count
Application  Neosys       2

Exploit-Db

  • description: NeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection. CVE-2006-4953. Webapps exploit for jsp platform
    id: EDB-ID:28607
    last seen: 2016-02-03
    modified: 2006-09-20
    published: 2006-09-20
    reporter: Tan Chew Keong
    source: https://www.exploit-db.com/download/28607/
    title: NeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection
  • description: NeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection. CVE-2006-4953. Webapps exploit for jsp platform
    id: EDB-ID:28608
    last seen: 2016-02-03
    modified: 2006-09-20
    published: 2006-09-20
    reporter: Tan Chew Keong
    source: https://www.exploit-db.com/download/28608/
    title: NeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection