Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0313

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0313
Last Modified 05 Sep 2008 04:45:56
Published 27 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0313

Summary

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

Vulnerable Systems

Application

  • Amax Information Technologies Magic Winmail Server 4.0


References

XF - magic-winmail-command-directory-traversal(19114)

XF - magicwinmail-uploadphp-file-upload(19108)

BID - 12388

SECTRACK - 1013017

SECUNIA - 14053

BUGTRAQ - 20050127 [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities


Last Updated: 27 May 2016 10:39:46