Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0410

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0410
Last Modified 05 Sep 2008 04:27:57
Published 26 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0410

Summary

send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.

Vulnerable Systems

Application

  • Aeromail 1.02

  • Aeromail 1.10

  • Aeromail 1.20

  • Aeromail 1.26

  • Aeromail 1.30

  • Aeromail 1.40


References

BID - 4214

XF - aeromail-obtain-files(8345)

CONFIRM - http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz

MISC - http://the.cushman.net/projects/aeromail/download/

BUGTRAQ - 20020303 AeroMail multiple vulnerabilities


Last Updated: 27 May 2016 10:36:54