RSS   Podatności dla 'Personal email manager'   RSS

2009-10-22
 
CVE-2009-3749

CWE-Other
 

 
The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.

 
 
CVE-2009-3748

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskFilter.asp and viewHeaders.asp in web/msgList/viewmsg/; and (11) the subject in an e-mail message that is held in a Queue.

 

 >>> Vendor: Websense 25 Produkty
Websense
Enterprise
Web security suite
Enterpise
Reporting tools
Personal email manager
Websense email security
Email security
Websense web filter
Websense web security
Websense web security gateway
Websense web security gateway anywhere
Websense content content gateway
Websense v10000
Triton unified security center
Triton web filter
Triton web security
Triton web security gateway
Triton web security gateway anywhere
Triton ap web
Triton ap data
Triton ap email
V-series appliances
Triton
Content gateway


Copyright 2024, cxsecurity.com

 

Back to Top