NotifyLink Enterprise Server Multiple Vulnerabilities

NotifyLink Enterprise Server is reported prone to multiple vulnerabilities. These issues can allow an attacker to disclose sensitive information, gain unauthorized access to certain functions, carry out SQL injection attacks and potentially disclose encrypted email messages.

The following specific issues were identified:

It is reported that the server is affected by a weakness that can allow an administrative user to disclose the NotifyLink server and mail server passwords of other users.

Another vulnerability can allow a user to bypass security restrictions and gain access to restricted functions.

The application is also affected by multiple remote SQL injection vulnerabilities.

Another weakness in the application may allow an attacker to potentially disclose encrypted emails.

NotifyLink Enterprise Server versions prior to 3.0 are affected by these issues.


Privacy Statement
Copyright 2010, SecurityFocus