Vulnerabilities
NOCC Vulnerabilities
In the past, known vulnerabilities were unfortunately not forcefully fixed!
To adress this I am going through the list of vulnerabilities to check if they still exist. The checked version will be the current developer snapshot, so it is generally recommended to update your installation to the latest SVN version (it is tested and very stable). I will not go through the svn change comments to find the exact revision, when the vulnerability was fixed, so you will only find it fixed in version 1.9.3 or later.
Common Vulnerabilities and Exposures
CVE-2006-0895
NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
Fixed in NOCC 1.9.3
CVE-2006-0894
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23424
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23425
- Fixed in NOCC 1.1.0 [r1396] See also: OSVDB: 23426
- Fixed in NOCC 1.1.0 [r1396]
- Fixed in NOCC 1.1.0 [r1396]
- Fixed in NOCC 1.1.0 [r1396] See also: OSVDB: 23427
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23423
CVE-2006-0893
NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.
- Fixed in NOCC 1.9.3
- Fixed in NOCC 1.9.3
CVE-2006-0892
NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.
Fixed in NOCC 1.9.4-dev 1.9.4
CVE-2006-0891
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php.
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23416
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23417
- Fixed in NOCC 1.1.0 [r1395] See also: OSVDB: 23419
- Fixed in NOCC 1.9.0 [r2008] See also: OSVDB: 23418
CVE-2002-2343
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
Fixed in NOCC 0.9.6 [r1144].
The Open Source Vulnerability Database
Vendor Dictionary: NOCC Development Team
OSVDB: 23420
NOCC Mail Attachment Predictable Temp File Name Arbitrary Command Execution
Fixed in NOCC 1.9.4-dev 1.9.4
OSVDB: 23421
NOCC Profile Full Name Field Arbitrary PHP Code Injection
Fixed in NOCC 1.9.3
OSVDB: 23422
NOCC /profiles/ Directory Direct Request Information Disclosure
Fixed in NOCC 1.9.3
OSVDB: 23419
NOCC index.php theme Parameter Traversal Arbitrary File Access
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0891
OSVDB: 23418
NOCC functions.php Accept-Language HTTP Field Local PHP File Inclusion
Fixed in NOCC 1.9.0 [r2008] See also: CVE-2006-0891
OSVDB: 23417
NOCC common.php lang Parameter Traversal Arbitrary File Access
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0891
OSVDB: 23416
NOCC footer.php nocc_theme Parameter Traversal Arbitrary File Access
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0891
OSVDB: 23426
NOCC no_mail.php html_no_mail Parameter XSS
Fixed in NOCC 1.1.0 [r1396] See also: CVE-2006-0894
OSVDB: 23425
NOCC filter_prefs.php html_filter_select Parameter XSS
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0894
OSVDB: 23424
NOCC error.php html_error_occurred Parameter XSS
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0894
OSVDB: 23423
NOCC footer.php nocc_theme Parameter XSS
Fixed in NOCC 1.1.0 [r1395] See also: CVE-2006-0894
OSVDB: 23427
NOCC html_bottom_table.php Multiple Parameter XSS
Fixed in NOCC 1.1.0 [r1396] See also: CVE-2006-0894
SecurityFocus
Bugtraq: 16793
NOCC Webmail Multiple Input Validation Vulnerabilities
Fixed in NOCC 1.9.3
Bugtraq: 6014
NOCC Webmail View Headers HTML Injection Vulnerability
Fixed in NOCC 1.9.3
Bugtraq: 4740
NOCC Webmail Script Injection Vulnerability
Fixed in NOCC 1.9.3
Bugtraq: 3677
NOCC Webmail Unauthenticated Outgoing Mail Access
Fixed in NOCC 0.9.5
Security Tracker
SecurityTracker: 1015671
NOCC Has Multiple Bugs That Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
Fixed in NOCC 1.9.3
SecurityTracker: 1004287
NOCC PHP-based Webmail Client Software Displays Message Text as HTML Without Filtering, Allowing a Remote User to Access the Victim's Mailbox Using a Cross-Site Scripting Attack
Fixed in NOCC 1.9.3
Secunia
Vulnerability Report: NOCC 1.x
SA16921
NOCC Multiple Vulnerabilities and Security Issue
Fixed in NOCC 1.9.3
Related
Commit: [r1144]
Commit: [r1395]
Commit: [r1396]
Commit: [r2008]
Wiki: Home
