SSD Advisory – Kerio Mailbox Takeover
Summary By exploiting file upload functionality users are able to upload .html type of files, containing arbitrary JavaScript code, the file is then saved within server. An attacker would then compose and send an email containing URL to said malicious to the victim. Credit Jokūbas Arsoba Affected Devices Vendor Response The vendor has been notified …
