6 May 2009, 10:16

Security Update for IceWarp eMail/WebMail Server

Version 9.4.2 of the IceWarp eMail/WebMail Server eliminates four security vulnerabilities. These include two cross-site scripting vulnerabilities, an SQL Injection vulnerability and a weakness in how the system sends mail to users. Under certain circumstances, an attacker could obtain the login credentials of a user.

See also:

Cross Site Scripting in Email View, a RedTeam advisory.
User-assisted Cross Site Scripting in RSS Feed Reader, a RedTeam advisory.
SQL Injection in Groupware Component, a RedTeam advisory.
Client-Side Specification of "Forgot Password" eMail Content, a RedTeam advisory.

Security Update for IceWarp eMail/WebMail Server

Internet Toolkit

Shortened-breaks

SSL for free - step by step

Testing email with encryption

The H Security Conficker information site

Health Check: FreeBSD - "The unknown giant"

The H Update Check

Could Apple's iPad be the New Firefox?

When is it worth saying it's Linux?

Health Check: Moonlight

New life for dead software

Interview: Joe Brockmeier, openSUSE Community Manager

What's new in Linux 2.6.32

Faster booting with Upstart

Build a Wi-Fi antenna using household materials

Welcome to The H

The H

The H open source

The H Security

The H Internet Toolkit