Emurl Scripting Vulnerability

Emurl places attachments received via email into a folder that is accessible via http and marked 'scriptable'. Because of this it can be possible for an attacker send attachments containing hostile asp or similar scripting code to an email address on the target server. This code will then be executed by the webserver when the recipient reads their email.


 

Privacy Statement
Copyright 2010, SecurityFocus