Home page logo
/

webappsec logo WebApp Sec mailing list archives

Smarter Mail All Versions - Privilege Escalation
From: Mark Litchfield <mark () securatary com>
Date: Mon, 03 Feb 2014 12:06:33 -0800

This attack will allow a regular SmarterMail user to elevate their privileges to Domain Administrator.

I tried to contact Smartmail with the usual security email aliases, apparently they do not have any. I posted to their forum for a contact and all I got was an email stating check you are running the latest version then if you like please contact us at sales () smartertools com

I personally do not want to run around here and there on my own time. Maybe they should consider a more different approach to people trying to report security issues. A good start would be security () smartertools com

A step by step with the usual screen shots at - http://www.securatary.com/vulnerabilities

All the best

Mark Litchfield
www.securatary.com





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault