Описание
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-0711
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24737
- http://secunia.com/advisories/18785
- http://secunia.com/secunia_research/2006-3/advisory
- http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874
- http://www.securityfocus.com/bid/16651
- http://www.vupen.com/english/advisories/2006/0564
EPSS
Процентиль: 70%
0.00649
Низкий
CVE ID
Связанные уязвимости
nvd
почти 20 лет назад
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
EPSS
Процентиль: 70%
0.00649
Низкий