Vulnerability CVE-2005-0313

Vulnerability CVE-2005-0313

Published: 2005-01-27 Modified: 2012-02-12

Description:

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Amax information technologies -> Magic winmail server

References:

http://xforce.iss.net/xforce/xfdb/19114

http://xforce.iss.net/xforce/xfdb/19108

http://www.securityfocus.com/bid/12388

http://securitytracker.com/id?1013017

http://secunia.com/advisories/14053

http://marc.theaimsgroup.com/?l=bugtraq&m=110685011825461&w=2

Copyright 2024, cxsecurity.com