ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP (Version 1.8.1.9) I did not test other versions, this is the only I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is posible to execute javascript by sending it inside a mail, ArGoSoft does not filter that, and you can steal the cookie from the user, the cookie has a problem too, it saves the username and the password in plain text, you have only to decode the cookie, and you have something like that: mail@domain:password I would desactivate de Web-Mail interface until a patch is released. Francisco Claude zorbas@systat.cl P.S. Sorry for my bad english.
