Contributed by: Lauren Gerber
Date: May 7, 2009

Multiple Vulnerabilities Found In The IceWarp WebMail Server

 

In the world of computer security it never ends: vulnerabilities are everywhere. It has recently been reported that multiple vulnerabilities were found in the Merak Mail Server. These vulnerabilities can be exploited by malicious individuals to perform SQL injection attacks and script insertion attacks, as well as the popular phishing attacks.

These vulnerabilities were discovered and reported by RedTeam Pentesting during a penetration test. They found that online attackers who are in control of users' web-based email accounts, as well as Groupware components, are able to execute arbitrary SQL SELECT statements. This enables them to read any data they wish from the database of the web server that can be accessed through the IceWarp email server.

The affected product is the IceWarp eMail Server / WebMail Server. The vulnerabilities have multiple impacts, including security bypass, exposure of sensitive information, cross-site scripting and manipulation of specific data. According to RedTeam Pentesting, the IceWarp WebMail Server vulnerability is a high risk.

The product comes from a vendor you may or may not know, called IceWarp. On its webpage, IceWarp describes part of the WebMail Server Pro product as: "Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle."

The main risk, and the greatest cause for alarm, is the possibility of SQL injection attacks. Users should know that the affected versions include 9.4.1, and it is possible that various earlier versions are affected as well. What can be done about this? The answer is fairly simple: it has been suggested that users update to version 9.4.2.
