GeniXCMS Mailbox validation logic vulnerability

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSGUSEREMAILEXIST protection mechanism via a register.php?act=edit&id=1 request...

Design/Logic Flaw

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the...