CVE-2005-0313

Amax Information Technologies Magic Winmail Server - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textwebappsphp

https://www.exploit-db.com/exploits/25065

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textwebappsphp

https://www.exploit-db.com/exploits/25064

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19114

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12388

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1013017

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110685011825461&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14053

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19108

Scores

EPSS 0.0795

EPSS Percentile 92.1%

Details

Status published

Products (1)

amax_information_technologies/magic_winmail_server 4.0

Published Jan 27, 2005

Tracked Since Feb 18, 2026