Vulnerability Details CVE-2006-0711
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/18785
- http://secunia.com/secunia_research/2006-3/advisory/
- http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874
- http://www.securityfocus.com/bid/16651
- http://www.vupen.com/english/advisories/2006/0564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24737
- http://secunia.com/advisories/18785
- http://secunia.com/secunia_research/2006-3/advisory/
- http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874
- http://www.securityfocus.com/bid/16651
- http://www.vupen.com/english/advisories/2006/0564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24737