Vulnerabilities > Amax Information Technologies > Magic Winmail Server > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2005-01-27	CVE-2005-0315	Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0 The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. local low complexity amax-information-technologies	4.6
2005-01-27	CVE-2005-0314	Multiple vulnerability in Magic Winmail Server Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. network amax-information-technologies	4.3
2005-01-27	CVE-2005-0313	Multiple vulnerability in Amax Information Technologies Magic Winmail Server 4.0 Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE. network low complexity amax-information-technologies	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.