CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-3430

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
http://marc.info/?l=bugtraq&m=113053680631151&w=2
http://secunia.com/advisories/17240/
http://securitytracker.com/id?1015117
http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
http://www.securityfocus.com/bid/15230
https://exchange.xforce.ibmcloud.com/vulnerabilities/22907
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
http://marc.info/?l=bugtraq&m=113053680631151&w=2
http://secunia.com/advisories/17240/
http://securitytracker.com/id?1015117
http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
http://www.securityfocus.com/bid/15230
https://exchange.xforce.ibmcloud.com/vulnerabilities/22907

Products affected by CVE-2005-3430

Rockliffe » Mailsite Express » Version: Any

cpe:2.3:a:rockliffe:mailsite_express:*
Rockliffe » Mailsite Express » Version: 6.1.20

cpe:2.3:a:rockliffe:mailsite_express:6.1.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3430

Products

Pricing

Contact Us