OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier

From: Olivier M. (qmailorion.8304.ch)
Date: Thu Aug 21 2003 - 04:24:30 CDT


On Tue, Aug 19, 2003 at 07:15:32PM -0000, Phillip Whelan wrote:
> Product: Omail Webmail
> The flaw occurs in the function checklogin();

thx, version 0.98.5 released today, including your bugfix:
http://prdownloads.sourceforge.net/omail/omail-webmail-0.98.5.tar.gz

> The author was contacted two weeks ago, but did not
> respond.

summertime -> ever heard of holidays... ? :)

regards,
Olivier
--
_________________________________________________________________
 Olivier Mueller - om8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch