symantec mail-gear 1.0 - Directory Traversal Vulnerability

ID EDB-ID:19644
Type exploitdb
Reporter Ussr Labs
Modified 1999-11-29T00:00:00


Symantec Mail-Gear 1.0 Directory Traversal Vulnerability. CVE-1999-0842 . Remote exploits for multiple platform


Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to. 

http: //
will display the server's autoexec.bat in a default NT installation.