Vulnerability CVE-2005-1283

Vulnerability CVE-2005-1283

Published: 2005-04-22 Modified: 2012-02-12

Description:

Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Argosoft -> Argosoft mail server

References:

http://xforce.iss.net/xforce/xfdb/20229

http://xforce.iss.net/xforce/xfdb/20226

http://www.osvdb.org/15823

http://www.osvdb.org/15821

http://marc.theaimsgroup.com/?l=bugtraq&m=111419001527077&w=2

Copyright 2024, cxsecurity.com