CVE-2005-0313
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/01/2005
Last modified:
03/04/2025
Description
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=110685011825461&w=2
- http://secunia.com/advisories/14053
- http://securitytracker.com/id?1013017=
- http://www.securityfocus.com/bid/12388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19114
- http://marc.info/?l=bugtraq&m=110685011825461&w=2
- http://secunia.com/advisories/14053
- http://securitytracker.com/id?1013017=
- http://www.securityfocus.com/bid/12388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19114