CVE Vulnerabilities

CVE-2004-1670

Published: Sep 10, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ….// (doubled dot dot) in the folderold or folder parameters to folders.html.

Affected Software

Name Vendor Start Version End Version
Mail_server Merak 7.4.5 7.4.5
Web_mail Icewarp 5.2.7 5.2.7
Web_mail Icewarp 5.2.8 5.2.8
Web_mail Icewarp 3.3.2 3.3.2

References