Rockliffe: Security Vulnerabilities
Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-11-02
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-10-23
Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-10-23
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
CVSS Score
10.0
EPSS Score
0.026
Published
2000-05-24
Page 2