• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NetWin SurgeMail Multiple Remote HTML Injection and File Upload Vulnerabilities

Multiple remote file upload and HTML injection vulnerabilities affect NetWin SurgeMail. The underlying causes of these issues are a failure ot sanitize user-supplied input and a failure to securely handle the file upload functionality.

These issues may be leverage to upload arbitrary files into arbitrary locations writable to the affected application and carry out HTML injection attacks against the SurgeMail administrator. This may facilitate theft of credentials and potentially compromise of the email server.