CVE-2005-0313
Published 2005-01-27
Priority: P3 · 37
Severity: high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.41% (87.4th percentile)
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amax_information_technologies | magic_winmail_server | — | — |
No detection rules found.
Exploit-DB
Magic Winmail Server 4.0 (Build 1112) - 'download.php' Traversal Arbitrary File Access
exploitdb·2005-01-27
---
source: https://www.securityfocus.com/bid/12388/info
Magic Winmail Server is reportedly affected by multiple vulnerabilities.
There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also a HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie.
There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server.
Magic Winmail Server's FTP service also reportedly fails
Exploit-DB
Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload
exploitdb·2005-01-27
---
source: https://www.securityfocus.com/bid/12388/info
Magic Winmail Server is reportedly affected by multiple vulnerabilities.
There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also a HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie.
There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server.
Magic Winmail Server's FTP service also reportedly fails t
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110685011825461&w=2
http://secunia.com/advisories/14053
http://securitytracker.com/id?1013017
http://www.securityfocus.com/bid/12388
https://exchange.xforce.ibmcloud.com/vulnerabilities/19108
https://exchange.xforce.ibmcloud.com/vulnerabilities/19114