logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2004-1670

Description

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.


Affected Software


CPE Name Name Version
icewarp:web_mail icewarp web mail 5.2.8
merak:mail_server merak mail server 7.4.5
icewarp:web_mail icewarp web mail 3.3.2
icewarp:web_mail icewarp web mail 5.2.7

Related