1. CVE-Search
  2. CVE-2005-0313
ID CVE-2005-0313
Summary Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
References
Vulnerable Configurations
  • cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 12388
bugtraq 20050127 [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities
sectrack 1013017
secunia 14053
xf
  • magic-winmail-command-directory-traversal(19114)
  • magicwinmail-uploadphp-file-upload(19108)
Last major update 11-07-2017 - 01:32
Published 27-01-2005 - 05:00
Last modified 11-07-2017 - 01:32
Back to Top