CVE-2006-0930

Description

Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.

Affected products

• argosoft / argosoft_mail_server1.8 – 1.8

References

• MISChttp://www.nsag.ru/vuln/877.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/18990
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0733
• MISChttp://securityreason.com/securityalert/487