Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability

Any email message in a known mailbox of a known user can be read by remote users through directory traversing in Atrium Mercur Mail Server 3.2. This is accomplished by logging onto the Mail Server and executing IMAP commands accompanied by paths such as /../../directory.


Privacy Statement
Copyright 2010, SecurityFocus