CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1101

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.3%

CVSS Severity

CVSS v2 Score 5.8

References

http://www.kb.cert.org/vuls/id/596046
http://www.procheckup.com/security_info/vuln_pr0411.html
http://www.securityfocus.com/bid/11598
https://exchange.xforce.ibmcloud.com/vulnerabilities/17951
http://www.kb.cert.org/vuls/id/596046
http://www.procheckup.com/security_info/vuln_pr0411.html
http://www.securityfocus.com/bid/11598
https://exchange.xforce.ibmcloud.com/vulnerabilities/17951

Products affected by CVE-2004-1101

Tips » Mailpost » Version: 5.1.1_sv

cpe:2.3:a:tips:mailpost:5.1.1_sv

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1101

Products

Pricing

Contact Us