Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability

Ecartis is prone to an arbitrary attachment upload vulnerability.

This vulnerability presents itself when the PantoMIME functionality has been enabled.

The issue arises because unauthorized users who are not subscribed to a mailing list can send email attachments that will be saved in the PantoMIME directory. This can allow attackers to place arbitrary files on a vulnerable server.

Ecartis version 1.0.0 snapshot 20050909 is reportedly vulnerable. Other versions may be affected as well.


 

Privacy Statement
Copyright 2010, SecurityFocus