Vulnerability Details CVE-2006-0448
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/18480
- http://secunia.com/secunia_research/2006-1/advisory/
- http://www.osvdb.org/22764
- http://www.osvdb.org/22765
- http://www.securityfocus.com/bid/16379
- http://www.vupen.com/english/advisories/2006/0318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24336
- http://secunia.com/advisories/18480
- http://secunia.com/secunia_research/2006-1/advisory/
- http://www.osvdb.org/22764
- http://www.osvdb.org/22765
- http://www.securityfocus.com/bid/16379
- http://www.vupen.com/english/advisories/2006/0318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24336
Products affected by CVE-2006-0448
-
cpe:2.3:a:e-post_corporation:mail_server:4.05
-
cpe:2.3:a:e-post_corporation:spa-pro_mail_atsolomon:4.05