Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote malicious users to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icewarp web mail 5.2.8 |
||
merak mail server 7.4.5 |
||
icewarp web mail 3.3.2 |
||
icewarp web mail 5.2.7 |