CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-4940

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.706

EPSS Ranking 98.6%

CVSS Severity

CVSS v2 Score 6.4

References

http://www.kb.cert.org/vuls/id/586556
http://www.securityfocus.com/bid/56343
http://www.kb.cert.org/vuls/id/586556
http://www.securityfocus.com/bid/56343

Products affected by CVE-2012-4940

Gecad » Axigen Free Mail Server » Version: N/A

cpe:2.3:a:gecad:axigen_free_mail_server:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4940

Products

Pricing

Contact Us