header-logo
Suggest Exploit
vendor:
Mail-Gear
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Mail-Gear
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Mail-Gear Directory Traversal

Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to.

Mitigation:

Upgrade to the latest version of Mail-Gear.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/827/info

Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to. 


http: //target.host:8003/Display?what=../../../../../autoexec.bat
will display the server's autoexec.bat in a default NT installation.

Navigation

Suggest Exploit

Services By CQR