Description
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Bogdan Calin · textremotewindows
https://www.exploit-db.com/exploits/34622
References (8)
Core 8
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/1009-exploits/axigen741-traversal.txt
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2415
Patch, Vendor Advisory x_refsource_confirm
http://www.axigen.com/press/product-releases/axigen-releases-version-742_74.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68027
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41430
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43230
Various Sources x_refsource_misc
http://www.acunetix.com/blog/news/directory-traversal-axigen/
Scores
EPSS
0.1018
EPSS Percentile
93.2%
Details
CWE
CWE-22
Status
published
Products (40)
gecad/axigen_mail_server
gecad/axigen_mail_server
1.0.1
gecad/axigen_mail_server
1.0.2
gecad/axigen_mail_server
1.0.5
gecad/axigen_mail_server
1.0.6
gecad/axigen_mail_server
1.0.7
gecad/axigen_mail_server
1.1.0 (2 CPE variants)
gecad/axigen_mail_server
1.1.1
gecad/axigen_mail_server
1.2.0 (2 CPE variants)
gecad/axigen_mail_server
1.2.3
... and 30 more
Published
Sep 17, 2010
Tracked Since
Feb 18, 2026