Description
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Timescape · textremotewindows
https://www.exploit-db.com/exploits/20182
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96767207207553&w=2
Various Sources x_refsource_confirm
http://www.ipswitch.com/Support/IMail/news.html
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1617
Scores
EPSS
0.0207
EPSS Percentile
84.1%
Details
Status
published
Products (6)
ipswitch/imail
5.0
ipswitch/imail
6.0
ipswitch/imail
6.1
ipswitch/imail
6.2
ipswitch/imail
6.3
ipswitch/imail
6.4
Published
Oct 20, 2000
Tracked Since
Feb 18, 2026