CVE-2005-1284

Description

The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.

Affected products

• argosoft / argosoft_mail_server1.8.7.6 – 1.8.7.6

References

• MISChttp://www.securityfocus.com/bid/13323
• MAILING_LISThttp://marc.info/?l=bugtraq&m=111419001527077&w=2
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/20228
• MISChttp://www.osvdb.org/15822