Multiple directory traversal vulnerabilities in Axigen Free Mail ServerID: oval:org.secpod.oval:def:7794 | Date: (C)2012-11-06 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Axigen Free Mail Server and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to handle the View Log Files component. Successful exploitation allows attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit action or a delete action to the default URI.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Axigen Free Mail Server |