CVE-2005-0367
published 2005-02-09CVE-2005-0367: Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a…
PriorityP420medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
1.86%
76.6th percentile
Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argosoft | argosoft_mail_server | — | — |
| argosoft | argosoft_mail_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q97v-7gvv-9rqh: Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1
ghsa_unreviewed·2022-05-01
CVE-2005-0367 [MEDIUM] GHSA-q97v-7gvv-9rqh: Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1
Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter.
GHSA
GHSA-jhfx-cwwp-89fx: Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1
ghsa_unreviewed·2022-05-01·CVSS 4.6
CVE-2005-1283 [MEDIUM] GHSA-jhfx-cwwp-89fx: Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2005-02-09
Published