Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ….// (doubled dot dot) in the folderold or folder parameters to folders.html.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mail_server | Merak | 7.4.5 | 7.4.5 |
Web_mail | Icewarp | 5.2.7 | 5.2.7 |
Web_mail | Icewarp | 5.2.8 | 5.2.8 |
Web_mail | Icewarp | 3.3.2 | 3.3.2 |