Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

Kaspersky Secure Mail Gateway is prone to the following multiple security vulnerabilities:

1. A cross-site request-forgery vulnerability
2. An arbitrary command-execution vulnerability.
3. A local privilege-escalation vulnerability
4. A cross-site scripting vulnerability

Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, execute command with root privileges, and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.

Secure Mail Gateway 1.1.0.379 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus