Vulnerabilities > CVE-2002-1004 - Unspecified vulnerability in Argosoft Mail Server 1.8.1.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | ArGoSoft 1.8 Mail Server Directory Traversal Vulnerability. CVE-2002-1004 . Remote exploit for windows platform |
id | EDB-ID:21591 |
last seen | 2016-02-02 |
modified | 2002-07-06 |
published | 2002-07-06 |
reporter | team n.finity |
source | https://www.exploit-db.com/download/21591/ |
title | ArGoSoft 1.8 Mail Server Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | ARGOSOFT_MULTIPLE_FLAWS.NASL |
description | The remote host is running the ArGoSoft WebMail interface. The version found on the remote host is reportedly affected by multiple remote vulnerabilities : - A directory traversal vulnerability could allow remote users access to all files on the host. - A denial of service vulnerability exists which could allow remote attackers with regular user privileges to create a mail-loop condition that will consume all system resources. - A HTML injection vulnerability caused by a failure to properly sanitize HTML from email messages. - An authentication bypass vulnerability due to the free-ware version of ArGoSoft failing to carry out sufficient authentication before granting access to the user management interface. - A denial of service vulnerability in the free-ware version. An attacker can exploit this by attempting to create a new user using a name of excessive length. *** Nessus solely relied on the banner of this service to issue *** this alert. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11659 |
published | 2003-05-28 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11659 |
title | ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal) |
code |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
- http://www.argosoft.com/applications/mailserver/changelist.asp
- http://www.argosoft.com/applications/mailserver/changelist.asp
- http://www.iss.net/security_center/static/9477.php
- http://www.iss.net/security_center/static/9477.php
- http://www.securityfocus.com/bid/5144
- http://www.securityfocus.com/bid/5144