cgiemail and cgiecho Multiple Security Vulnerabilities

cgiemail and cgiecho are prone to the following security vulnerabilities:

1. A format-string vulnerability
2. Multiple open-redirection vulnerabilities
3. An HTTP header-injection vulnerability
4. A cross-site scripting vulnerability

An attacker may leverage these issues to execute arbitrary code within the context of the application, to insert a crafted HTTP header into an HTTP response that could redirect a web page to a possibly malicious website, or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker leverages these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks.


 

Copyright 2010, SecurityFocus