---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Merak Mail Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA34912 VERIFY ADVISORY: http://secunia.com/advisories/34912/ DESCRIPTION: Some vulnerabilities have been reported in Merak Mail Server, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct script insertion and phishing attacks. 1) Input passed via emails is not properly sanitised before being displayed in the HTML preview of the WebMail component. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious email is viewed. 2) Input passed via RSS feeds is not properly sanitised before being displayed in the WebMail component. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious RSS feed is viewed. 3) Input passed via XML data in a search query to the the web-based email and groupware components is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) An error in the "forgot password" feature can be exploited to insert arbitrary headers and content to emails sent from the web server. This can be exploited to conduct e.g. phishing attacks. Vulnerabilities #1 to #4 are reported in version 9.4.1. Prior versions may also be affected. 5) An error in the processing of HTTP requests can be exploited to disclose the content of PHP files via a specially crafted request. This vulnerability is reported in versions prior to 9.4.1. SOLUTION: Update to version 9.4.2. PROVIDED AND/OR DISCOVERED BY: 1 - 4) RedTeam Pentesting 5) Reported by the vendor. ORIGINAL ADVISORY: RedTeam Pentesting: 1) http://www.redteam-pentesting.de/advisories/rt-sa-2009-001 2) http://www.redteam-pentesting.de/advisories/rt-sa-2009-002 3) http://www.redteam-pentesting.de/advisories/rt-sa-2009-003 4) http://www.redteam-pentesting.de/advisories/rt-sa-2009-004 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------