10 matches found
EUVD-2006-5195
Malware in sbrugna...
ironwebmail <= 6.1.1 - Directory Traversal information disclosure vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20436/info IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to...
IronWebMail目录遍历信息泄露漏洞
IronWebMail是一款企业级的硬件防火墙设备。 IronWebMail在处理畸形HTTP请求时存在目录遍历漏洞,远程攻击者可以利用此漏洞通过在URL中嵌入编码后的目录遍历串访问设备上的任意文件。 CipherTrust IronMail 6.1.1 CipherTrust IronMail 5.0.1 CipherTrust IronMail 4.5.1 CipherTrust IronMail 4.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ciphertrust.com/ GET...
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
The remote host appears to be an IronMail appliance, which is intended to protect enterprise-class email servers from spam, viruses, and hackers. The webmail component of the remote IronMail device does not properly validate pathname references included in a URL before using them to return the...
CVE-2006-5210
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IMFILE identifier with double-url-encoded "../" sequences "%252e%252e/"...
CVE-2006-5210
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IMFILE identifier with double-url-encoded "../" sequences "%252e%252e/"...
CVE-2006-5210
Summary: CVE-2006-5210 is a directory traversal vulnerability in IronWebMail (IronMail appliance) prior to 6.1.1 HotFix-17. An unauthenticated attacker can read arbitrary files by crafting a request to the IM_FILE identifier with double-url-encoded sequences (e.g., %252e%252e/). Affected software...
ironwebmail 6.1.1 - Directory Traversal Information Disclosure
ironwebmail 6.1.1 - Directory Traversal Information Disclosure source: https://www.securityfocus.com/bid/20436/info IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows remote,...
ironwebmail 6.1.1 - Directory Traversal Information Disclosure
source: https://www.securityfocus.com/bid/20436/info IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary...
SYMSA-2006-010: Directory Traversal in IronWebMail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-010 Advisory Title: Directory Traversal in IronWebMail Author: Derek Callaway Release Date: 16-10-2006 Application: IronWebMailtm Platform:...