Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ….// (doubled dot dot) in the folderold or folder parameters to folders.html.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Web_mail | Icewarp | 3.3.2 (including) | 3.3.2 (including) |
Web_mail | Icewarp | 5.2.7 (including) | 5.2.7 (including) |
Web_mail | Icewarp | 5.2.8 (including) | 5.2.8 (including) |
Mail_server | Merak | 7.4.5 (including) | 7.4.5 (including) |