Vulnerabilities > CVE-2012-1916 - Remote Security vulnerability in Atmail Open

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
atmail

Summary

@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/. Per: http://www.kb.cert.org/vuls/id/743555 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part Description Count
Application
Atmail
1