Lucene search

[email protected]CVE-2005-0313

HistoryJan 27, 2005 - 5:00 a.m.

CVE-2005-0313

2005-01-2705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0313

magic winmail server

directory traversal

remote attack

arbitrary files

imap commands

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

CPENameOperatorVersion
amax_information_technologies:magic_winmail_serveramax information technologies magic winmail servereq4.0

CPE	Name	Operator	Version
amax_information_technologies:magic_winmail_server	amax information technologies magic winmail server	eq	4.0

References

marc.info/?l=bugtraq&m=110685011825461&w=2

secunia.com/advisories/14053

securitytracker.com/id?1013017

www.securityfocus.com/bid/12388

exchange.xforce.ibmcloud.com/vulnerabilities/19108

exchange.xforce.ibmcloud.com/vulnerabilities/19114

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON