CVE-2005-3811
published 2005-11-25CVE-2005-3811: Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary…
PriorityP335medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
7.33%
93.6th percentile
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amax_information_technologies | magic_winmail_server | <= 4.2 | — |
| netqmail | netqmail | >= 0 < 1.06-6.2~deb10u1build0.20.04.1 | 1.06-6.2~deb10u1build0.20.04.1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8g6v-v3p8-6wx3: Directory traversal vulnerability in admin/main
ghsa_unreviewed·2022-05-01
CVE-2005-3811 [MEDIUM] GHSA-8g6v-v3p8-6wx3: Directory traversal vulnerability in admin/main
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
OSV
netqmail vulnerabilities
osv·2020-09-29·CVSS 9.8
CVE-2005-1513 netqmail vulnerabilities
netqmail vulnerabilities
It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.htmlhttp://secunia.com/advisories/16665http://secunia.com/secunia_research/2005-58/advisory/http://securityreason.com/securityalert/195http://www.osvdb.org/20925http://www.securityfocus.com/bid/15493/https://exchange.xforce.ibmcloud.com/vulnerabilities/23132http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.htmlhttp://secunia.com/advisories/16665http://secunia.com/secunia_research/2005-58/advisory/http://securityreason.com/securityalert/195http://www.osvdb.org/20925http://www.securityfocus.com/bid/15493/https://exchange.xforce.ibmcloud.com/vulnerabilities/23132
2005-11-25
Published