ID CVE-2005-3691
Summary Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.
References
Vulnerable Configurations
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.01:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.02:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.03:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.03:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.04:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.04:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:*:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15494
confirm http://www.mailenable.com/hotfix/
misc http://secunia.com/secunia_research/2005-59/advisory/
sectrack 1015239
secunia 17633
vupen ADV-2005-2484
Last major update 08-03-2011 - 02:26
Published 19-11-2005 - 01:03
Last modified 08-03-2011 - 02:26
Back to Top