Test ID:	1.3.6.1.4.1.25623.1.0.900204
Category:	Web application abuses
Title:	MicroWorld MailScan for Mail Servers < 6.4a Multiple Vulnerabilities
Summary:	MailScan is prone to multiple vulnerabilities.
Description:	Summary: MailScan is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - an input validation error within the web administration interface. - the web administration interface does not properly restrict access to certain pages. can cause an authentication-bypass vulnerability. - an input passed via URL to the web administration interface is not properly sanitized before being returned to the user. Vulnerability Impact: Successful Remote exploitation will allow, to gain unauthorized access to disclose sensitive information, directory traversal attacks, cross site scripting, execution of arbitrary script code within the context of the website to steal cookie-based authentication credentials. Affected Software/OS: MicroWorld MailScan for Mail Servers 5.6a and prior versions. Solution: Upgrade to MicroWorld MailScan Version 6.4a or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3726 BugTraq ID: 30700 http://www.securityfocus.com/bid/30700 Bugtraq: 20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface (Google Search) http://marc.info/?l=bugtraq&m=121881329424635&w=2 http://www.oliverkarow.de/research/mailscan.txt http://secunia.com/advisories/31534 http://securityreason.com/securityalert/4172 XForce ISS Database: mailscan-admininterface-xss(44517) https://exchange.xforce.ibmcloud.com/vulnerabilities/44517
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.