Vulnerabilities > CVE-2005-1902 - Directory Traversal vulnerability in E-Post Corporation Spa-Pro Mail Atsolomon 4.00

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

e-post-corporation

NVD

Published: 2005-06-09

Updated: 2017-07-11

Summary

Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.

Vulnerable Configurations

Part	Description	Count
Application	E-Post_Corporation E Post Corporation SPA PRO Mail Atsolomon 4.00	1

References

http://secunia.com/advisories/15573
http://securitytracker.com/id?1014095
http://www.osvdb.org/16989
http://www.security.org.sg/vuln/spa-promail4.html
http://www.vupen.com/english/advisories/2005/0680
https://exchange.xforce.ibmcloud.com/vulnerabilities/20860