CVE-2004-1670 | Vulnerability Database | Aqua Security

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ….// (doubled dot dot) in the folderold or folder parameters to folders.html.

Affected Software

Name	Vendor	Start Version	End Version
Web_mail	Icewarp	3.3.2 (including)	3.3.2 (including)
Web_mail	Icewarp	5.2.7 (including)	5.2.7 (including)
Web_mail	Icewarp	5.2.8 (including)	5.2.8 (including)
Mail_server	Merak	7.4.5 (including)	7.4.5 (including)

References

http://marc.info/?l=bugtraq\u0026m=109483971420067\u0026w=2
http://secunia.com/advisories/12789
http://www.securityfocus.com/bid/11371
https://exchange.xforce.ibmcloud.com/vulnerabilities/17314
http://marc.info/?l=bugtraq\u0026m=109483971420067\u0026w=2
http://secunia.com/advisories/12789
http://www.securityfocus.com/bid/11371
https://exchange.xforce.ibmcloud.com/vulnerabilities/17314

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1670
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html