Package : Sqwebmail Vendor : Inter7 Vulnerability : access to private account without login, session hijacking Problem-Type : remote risk : low
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"risk: low"
Version : All the version seems to be affected. Official Site : http://www.inter7.com/sqwebmail/sqwebmail.html N Advisories : 0002
Example: ------------------- MY STAT FOR MY WEBSITE - REFERENT DOMAIN http://mailserver.society.com/cgi-bin/sqwebmail/login/mail%40server.org.authvchkpw/3247A0578D6F3E74F37A20FF37B52A1C/1069089171?folder=Trash&form=folders
"page not found". how helpful!
Read, write and fake your e-mail. Could send , from you email address, a mail to your ISP and ask it User e PASS of your website. The consequences would be catastrophic.
"consequences...catastrophic"
make up your mind, dude. is low or catastrophic?
Paul Theodoropoulos http://www.anastrophe.com
