BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Videos
Shop
Photography

Home / Blog

Latest Posts

Spamhaus still parties like it's 1999
Twitter Screws Up With Data It Shouldn't Hold
Brexit: My Predictions
Screenshot Social Media, Don't embed
Disk automatically unmounts immediately after mounting

This site should work without Javascript enabled. If you find something doesn't, please Contact Me.

Security

Spamhaus still parties like it's 1999	16 October 2019
Twitter Screws Up With Data It Shouldn't Hold	09 October 2019
The Curious Case of BitFi and Secret Persistence	16 July 2019
A guide to designing Account Security Mechanisms	26 March 2017
Don't Use Web2Tor/Tor2Web (especially Onion.cab)	04 March 2017
The State of Mobile Banking (in the UK)	21 June 2016
The DVLA is routinely sending sensitive details via email	28 December 2014
Understanding Password Storage	22 June 2014
My Own Little HeartBleed Headache	19 April 2014
Why You Shouldn't be using SHA1 or MD5 to Store Passwords	07 June 2013

Page 1 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2010-5334 (webclient)
CVE-2010-5335 (webclient)
CVE-2010-5336 (webclient)
CVE-2010-5337 (webclient)
CVE-2010-5338 (webclient)
CVE-2010-5339 (webclient)
CVE-2010-5340 (webclient)
CVE-2015-9457 (pretty_link)
CVE-2015-9460 (pinpoint_booking_system)
CVE-2015-9462 (awesome_filterable_portfolio)

Return to listing

CVE-2010-5334 (webclient)

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

CVE-2010-5335 (webclient)

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

CVE-2010-5336 (webclient)

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.

CVE-2010-5337 (webclient)

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.

CVE-2010-5338 (webclient)

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.

CVE-2010-5339 (webclient)

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.

CVE-2010-5340 (webclient)

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

CVE-2015-9457 (pretty_link)

The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.

CVE-2015-9460 (pinpoint_booking_system)

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

CVE-2015-9462 (awesome_filterable_portfolio)

The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.

Latest Posts

Spamhaus still parties like it's 1999
Twitter Screws Up With Data It Shouldn't Hold
Brexit: My Predictions
Screenshot Social Media, Don't embed
Disk automatically unmounts immediately after mounting

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template