CVE-2006-0711 | Vulnerability Database | Aqua Security

The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.

Affected Software

Name	Vendor	Start Version	End Version
Neomail	Neomail	*	1.28 (including)

References

http://secunia.com/advisories/18785
http://secunia.com/secunia_research/2006-3/advisory/
http://sourceforge.net/project/shownotes.php?release_id=392562\u0026group_id=2874
http://www.securityfocus.com/bid/16651
http://www.vupen.com/english/advisories/2006/0564
https://exchange.xforce.ibmcloud.com/vulnerabilities/24737
http://secunia.com/advisories/18785
http://secunia.com/secunia_research/2006-3/advisory/
http://sourceforge.net/project/shownotes.php?release_id=392562\u0026group_id=2874
http://www.securityfocus.com/bid/16651
http://www.vupen.com/english/advisories/2006/0564
https://exchange.xforce.ibmcloud.com/vulnerabilities/24737

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0711
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html