[openwebmail] Fw: Re: XSS bug.

To: dsr@xxxxxxxxxxxxxxxxxx
Subject: [openwebmail] Fw: Re: XSS bug.
From: "A. Ramos" <aramosf@xxxxxxxxx>
Date: Thu, 3 Jun 2004 14:43:27 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20040603122959.M80216@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20040602161145.M44981@xxxxxxxxx> <20040603122959.M80216@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: aramosf@xxxxxxxxx

Hello all,

  Its a forward message from openwebmail bugtraq system with the problem and 
the solution ;-)



---------- Forwarded Message -----------
From: "openwebmail" <openwebmail@xxxxxxxxxxxxxxxxxxxxx>
To: "aramosf" <aramosf@xxxxxxxxx>
Sent: Thu, 3 Jun 2004 20:30:07 +0800
Subject: Re: XSS bug.

On Wed, 2 Jun 2004 18:15:06 +0200, aramosf wrote
> Hello,
> 
> I tried to exploit openwebmail 2.32 (latest stable) with the same 
> adv of SquireMail from RomanSoft, http://www.rs-labs.com/adv/RS-Labs-
> Advisory-2004-1.txt, and the openwebmail is vulnerable too.
> 
> --
> A. Ramos <aka dab>
> http://www.unsec.net

Hi,

Thanks for the bug report,
it has been fixed in the latest openwebmail-current.tgz.

Regards.

tung
--
Distributed System Laboratory (http://dslab.ee.ncku.edu.tw)
Department of Electrical Engineering
National Cheng Kung University, Tainan, Taiwan, R.O.C.
------- End of Forwarded Message -------

--
A. Ramos <aka dab>
http://www.unsec.net

Prev by Date: RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
Next by Date: [FLSA-2004:1620] Updated cvs resolves security vulnerabilities
Previous by thread: Re: Bank of America security e-mail address
Next by thread: [FLSA-2004:1620] Updated cvs resolves security vulnerabilities
Index(es):
- Date
- Thread