CVE-2012-4940

EXPLOITED NUCLEI

Axigen Free Mail Server - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Zhao Liang · textremotewindows

https://www.exploit-db.com/exploits/37996

View Code ZIP pw:eip

metasploit WORKING POC

by Zhao Liang, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/axigen_file_access.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Axigen Mail Server Filename Directory Traversal

MEDIUMby dhiyaneshDk

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/586556

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56343

Scores

EPSS 0.7982

EPSS Percentile 99.1%

Details

VulnCheck KEV 2024-09-19

CWE

CWE-22

Status published

Products (1)

gecad/axigen_free_mail_server

Published Oct 31, 2012

Tracked Since Feb 18, 2026