Vulnerabilities > CVE-2006-0929 - Remote Directory Traversal vulnerability in Argosoft Mail Server 1.8.8.1

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
argosoft
nessus

Summary

Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command.

Vulnerable Configurations

Part Description Count
Application
Argosoft
1

Nessus

NASL familyMisc.
NASL idARGOSOFT_MS_IMAP_RENAME_DIR_TRAVERSAL.NASL
descriptionThe remote host is running ArGoSoft Mail Server, a messaging system for Windows. The IMAP server bundled with the version of ArGoSoft Mail Server installed on the remote host fails to filter directory traversal sequences from mailbox names passed to the
last seen2020-06-01
modified2020-06-02
plugin id20977
published2006-02-25
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20977
titleArGoSoft Mail Server Pro IMAP RENAME Command Traversal Arbitrary Directory Creation