Published: 27/01/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote malicious users to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amax information technologies magic winmail server 4.0

source: wwwsecurityfocuscom/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads There is also a HTML injection vulnerability in the Webmail interface that could lead ...

source: wwwsecurityfocuscom/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads There is also a HTML injection vulnerability in the Webmail interface that could lead t ...

NVD-CWE-Other http://www.securityfocus.com/bid/12388 http://securitytracker.com/id?1013017 http://secunia.com/advisories/14053 http://marc.info/?l=bugtraq&m=110685011825461&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19114 https://exchange.xforce.ibmcloud.com/vulnerabilities/19108 https://nvd.nist.gov https://www.exploit-db.com/exploits/25065/

CVE-2005-0313

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect