06 May 2009, 09:16
Security Update for IceWarp eMail/WebMail Server
Version 9.4.2 of the IceWarp eMail/WebMail Server eliminates four security vulnerabilities. These include two cross-site scripting vulnerabilities, an SQL Injection vulnerability and a weakness in how the system sends mail to users. Under certain circumstances, an attacker could obtain the login credentials of a user.
See also:
- Cross Site Scripting in Email View, a RedTeam advisory.
- User-assisted Cross Site Scripting in RSS Feed Reader, a RedTeam advisory.
- SQL Injection in Groupware Component, a RedTeam advisory.
- Client-Side Specification of "Forgot Password" eMail Content, a RedTeam advisory.
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-741443
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
