Vulnerabilities > CVE-2005-3430 - Unspecified vulnerability in Rockliffe Mailsite Express 6.1.20
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://secunia.com/advisories/17240/
- http://securitytracker.com/id?1015117
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
- http://www.securityfocus.com/bid/15230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22907