Published: 31/12/2003 Updated: 29/07/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

CommuniGate Pro 3.1 up to and including 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote malicious users to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
stalker communigate pro 3.1
stalker communigate pro 3.2.4
stalker communigate pro 4.0.2
stalker communigate pro 3.2_b5
stalker communigate pro 3.2_b7
stalker communigate pro 4.0.6
stalker communigate pro 4.0_b2
stalker communigate pro 4.0.3
stalker communigate pro 3.3_b2
stalker communigate pro 3.4_b3
stalker communigate pro 4.0.1
stalker communigate pro 3.3.2
stalker communigate pro 3.3_b1
stalker communigate pro 4.0_b3

#!/usr/bin/perl # Below is exploit code Place it into cgi-bin, then # (recommended) make symlink from # DocumentRoot/AnyImagegif to shjpl, configure # at least $url variable, and possible other vars and # send victim HTML message with img src to your # AnyImagegif When victim will read message, script # will download messages 110 from his m ...

CWE-200 http://www.securityfocus.com/archive/1/320438 http://www.securityfocus.com/bid/7501 http://securityreason.com/securityalert/3290 https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 https://nvd.nist.gov https://www.exploit-db.com/exploits/27/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1481

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect