CVE-2006-0818

2006-07-2114:03:00

mitre

web.nvd.nist.gov

cve-2006-0818

merak mail server

visnetic mailserver

directory traversal

vulnerability

nvd

security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.118

Percentile

95.3%

JSON

Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.

Affected configurations

Nvd

Node

deerfieldvisnetic_mail_serverMatch8.3.5

icewarpweb_mailMatch5.6.0

merakmail_serverMatch8.3.8rwindows

VendorProductVersionCPE
deerfieldvisnetic_mail_server8.3.5cpe:2.3:a:deerfield:visnetic_mail_server:8.3.5:*:*:*:*:*:*:*
icewarpweb_mail5.6.0cpe:2.3:a:icewarp:web_mail:5.6.0:*:*:*:*:*:*:*
merakmail_server8.3.8rcpe:2.3:a:merak:mail_server:8.3.8r:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
deerfield	visnetic_mail_server	8.3.5	cpe:2.3:a:deerfield:visnetic_mail_server:8.3.5:::::::*
icewarp	web_mail	5.6.0	cpe:2.3:a:icewarp:web_mail:5.6.0:::::::*
merak	mail_server	8.3.8r	cpe:2.3:a:merak:mail_server:8.3.8r::windows:::::