CVE-2005-3811

Published: 25/11/2005 Updated: 11/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and previous versions allows remote malicious users to overwrite arbitrary files with session information via the sid parameter.

Vulnerable Product

amax information technologies magic winmail server

Exploits

<?php
/* WinMail Server 44 build 1124 (WebMail) remote add new Super User exploit
 * by rgod
 *
 * software site: wwwmagicwinmailnet/downloadasp
 *
 *
 * vulnerable code in /inc/classsessionphp at lines 8-25:
 *
 * function Load() {
 * $result = Array();
 *
 * $sessionfile = $this->temp_folder."_sessions/".$this- ...