CVE-2010-3459
Published 2010-09-17
CVE-2010-3459: Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web…
Priority P4 · 17 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.29% (66.5th percentile)
Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
43 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gecad | axigen_mail_server | <= 7.4.1 | — |
| gecad | axigen_mail_server | — | — |
No detection rules found.
Exploit-DB
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)
exploitdb · 2010-09-25 · CVE-2009-3459
---
##
# $Id: adobe_flatedecode_predictor02.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'zlib'
class Metasploit3 'Adobe FlateDecode Stream Predictor 02 Integer Overflow',
'Description' => %q{
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe
Acrobat Professional versions before 9.2.
},
'License' => MSF_LICENSE,
'Author' =>
[
'unknown', # Found in the wild
# Metasploit version by:
'jduck'
],
'Version' => '$Revi
Exploit-DB
iPhone MobileMail - LibTIFF Buffer Overflow (Metasploit)
exploitdb · 2010-09-20 · CVE-2006-3459
---
##
# $Id: mobilemail_libtiff.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'iPhone MobileMail LibTIFF Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the version of
libtiff shipped with firmware versions 1.00, 1.01, 1.02, and
1.1.1 of the Apple iPhone. iPhones which have not had the BSD
tools installed will need to use a special payload.
},
'License' => MSF_LICENSE,
'Author' => ['hdm', 'kf'],
'Version' => '$Re
Exploit-DB
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1)
exploitdb · 2010-09-20 · CVE-2009-3459
---
##
# $Id: adobe_flatedecode_predictor02.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'zlib'
class Metasploit3 'Adobe FlateDecode Stream Predictor 02 Integer Overflow',
'Description' => %q{
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe
Acrobat Professional versions before 9.2.
},
'License' => MSF_LICENSE,
'Author' =>
[
'unknown', # Found in the wild
# Metasploit version by:
'jduck',
'jabra'
],
'Versio
Exploit-DB
Apple iPhone MobileSafari LibTIFF - 'browser' Remote Buffer Overflow (Metasploit) (1)
exploitdb · 2010-09-20 · CVE-2006-3459
---
##
# $Id: safari_libtiff.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'iPhone MobileSafari LibTIFF Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the version of
libtiff shipped with firmware versions 1.00, 1.01, 1.02, and
1.1.1 of the Apple iPhone. iPhones which have not had the BSD
tools installed will need to use a special payload.
},
'License' => MSF_LICENSE,
'Author' => ['hdm
Exploit-DB
Apple iPhone MobileSafari LibTIFF - 'email' Remote Buffer Overflow (Metasploit) (2)
exploitdb · 2010-09-20 · CVE-2006-3459
---
##
# $Id: safari_libtiff.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'iPhone MobileSafari LibTIFF Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the version of
libtiff shipped with firmware versions 1.00, 1.01, 1.02, and
1.1.1 of the Apple iPhone. iPhones which have not had the BSD
tools installed will need to use a special payload.
},
'License' => MSF_LICENSE,
'Author' => ['hdm',
No writeups or analysis indexed.
http://secunia.com/advisories/41430
http://www.axigen.com/press/product-releases/axigen-releases-version-742_74.html
http://www.osvdb.org/68026
http://www.securityfocus.com/bid/43230
http://www.vupen.com/english/advisories/2010/2415
https://exchange.xforce.ibmcloud.com/vulnerabilities/61825
Published: 2010-09-17