[Full-Disclosure] RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems
Date: Mon Jul 05 2004 - 14:28:16 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
On 29.May.2004, I disclosed an important XSS vulnerability in latest
versions of a well-known webmail: SquirrelMail. Upon publication I
received the notice that other important webmails were also vulnerable
to the same bug. Indeed the same exploits released for SquirrelMail
worked without any changes in these systems. I decided to contact
several other webmail vendors and ask directly to check their software
and confirm or deny the vulnerability.
The purpose of this brief advisory is to provide you with the
collected info in an objective and summarized way.
PS: Sorry for the big delay.
Saludos,
--Roman
- --
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBQOmPneR/in3q1WdCEQKHUQCfaNoy7mu+g0AKsK9LFiwVyT5zXJEAoIzW
h0imdE0FayaQLIFBiX47hpHW
=9k38
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- text/plain attachment: RS-Labs-Advisory-2004-2.txt
This archive was generated by hypermail 2.1.8 : Mon Jul 05 2004 - 16:01:14 EDT
