Vendor: 1st Class Mail Server
By: Unknown
CVSS: 7.5 (HIGH)
Title: Directory Traversal and Cross-Site Scripting
CWE: CWE-22 (Path Traversal), CWE-79 (Cross-Site Scripting)
Product Name: 1st Class Mail Server
Affected Version From: 1st Class Mail Server version 4.01
Affected Version To: Unknown
Patch Exists: NO
CPE: a:1st_class_mail_server:1st_class_mail_server:4.01
Metasploit: none listed
Other Scripts: none listed
Platforms Tested: Unknown

Directory Traversal and Cross-Site Scripting Vulnerabilities in 1st Class Mail Server

Multiple vulnerabilities have been identified in 1st Class Mail Server that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. Both issues are in the 'general.tagz' script: the 'Site' and 'Mailbox' parameters are not validated before use, so an attacker can supply path components such as '../' to read files outside the intended directory, or supply HTML and script that the server reflects back unencoded and the victim's browser executes in the context of the mail server's web interface. Note that cross-site scripting runs script in the victim's browser; it does not give code execution on the server.
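The following is an added example, not code from the advisory or the vendor, showing how a practitioner would (a) spot probes of the kind described above in web-server access logs and (b) confirm the cross-site scripting from a response without guessing. The access-log lines, client addresses, AUTH token and response bodies are constructed for the demo; only the general.tagz?Site=...&Mailbox=... shape follows the advisory's proof-of-concept URL. Function names are this example's own.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access log in Common Log Format (made-up hosts, token and payloads).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2004:10:01:02 +0000] "GET /AUTH=abc123/user/general.tagz?Site=www.example.com&Mailbox=alice HTTP/1.1" 200 512
10.0.0.9 - - [12/Apr/2004:10:01:09 +0000] "GET /AUTH=abc123/user/general.tagz?Site=www.example.com&Mailbox=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.9 - - [12/Apr/2004:10:01:15 +0000] "GET /AUTH=abc123/user/general.tagz?Site=..%2F..%2F..%2Fetc%2Fpasswd&Mailbox=alice HTTP/1.1" 200 300
10.0.0.7 - - [12/Apr/2004:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")      # ../ or ..\ anywhere in the value
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z!]")    # start of an HTML tag or comment
WATCHED = ("Site", "Mailbox")                 # the two parameters named in the advisory


def decode_params(target):
    """Query parameters of a request target as {name: [values]}.

    parse_qs URL-decodes once; the extra unquote() catches double-encoded
    payloads (%252e%252e%252f -> %2e%2e%2f -> ../) that a single decode
    would let through.
    """
    parsed = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {name: [unquote(v) for v in values] for name, values in parsed.items()}


def classify(params):
    """Tags for what the Site/Mailbox values look like: 'traversal' and/or 'xss'."""
    findings = set()
    for name in WATCHED:
        for value in params.get(name, []):
            if TRAVERSAL_RE.search(value):
                findings.add("traversal")
            if TAG_RE.search(value):
                findings.add("xss")
    return findings


def scan_log(text):
    """(client_ip, sorted tags) for every general.tagz request carrying a suspicious value."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if not urlsplit(target).path.lower().endswith("/general.tagz"):
            continue
        findings = classify(decode_params(target))
        if findings:
            hits.append((m.group("ip"), sorted(findings)))
    return hits


def reflected_unencoded(body, canary):
    """Confirm the XSS from a response: True if the canary sent in Mailbox came
    back byte-for-byte (no output encoding), False if only the HTML-escaped
    form, or nothing, appears. A canary that escaping would not change cannot
    tell the two apart, so it is rejected."""
    if canary == html.escape(canary):
        raise ValueError("canary contains no HTML-significant characters")
    return canary in body


# Constructed responses, as a scanner might see them after sending
# Mailbox=<zz9x> in the advisory's PoC URL: one echoes the value raw,
# the other has been fixed to HTML-encode it.
CANARY = "<zz9x>"
VULN_BODY = "<html><body>Mailbox <zz9x> not found</body></html>"
SAFE_BODY = "<html><body>Mailbox &lt;zz9x&gt; not found</body></html>"

if __name__ == "__main__":
    for ip, tags in scan_log(SAMPLE_LOG):
        print(ip, tags)
    print("vulnerable:", reflected_unencoded(VULN_BODY, CANARY))
    print("fixed:", reflected_unencoded(SAFE_BODY, CANARY))
```

A harmless canary such as `<zz9x>` is enough to prove the reflection is unencoded; there is no need to send a working script payload against a production mail server. The second-pass `unquote()` in `decode_params` matters for detection because a single URL decode, which is what most log tooling does, misses `%252e%252e%252f`.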

Mitigation:

This entry records no patch (Patch Exists: NO) and no fixed version, so check with the vendor for an updated release rather than assuming one exists. Until one is available, restrict who can reach the mail server's web interface, and where the code can be changed, validate 'Site' and 'Mailbox' against an allow-list (a syntactically valid hostname and a plain mailbox name with no path separators or '..'), resolve any file path built from them and refuse anything outside the mailbox root, and HTML-encode both values wherever they are written into a page.
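As an added example of the mitigation described above (not the vendor's code; the handler, its function names and the `<root>/<Site>/<Mailbox>` directory layout are assumptions for illustration), here is a hypothetical general.tagz handler with the vulnerable rendering beside its hardened form. The allow-list rejects traversal and HTML metacharacters on input, the path check confines the result to the mailbox root even if the allow-list is later relaxed, and the output step encodes whatever is echoed back.

```python
import html
import os
import re

# Allow-lists for the two parameters the advisory names (assumed formats).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)
MAILBOX_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


class BadInput(ValueError):
    """Raised when a parameter fails the allow-list or escapes the mailbox root."""


def validate_site(site):
    """Site must be a syntactically valid hostname: no slashes, no '..', no '<'."""
    if not HOSTNAME_RE.match(site):
        raise BadInput("Site is not a hostname")
    return site.lower()


def validate_mailbox(mailbox):
    """Mailbox must be a plain name. Requiring an alphanumeric first character
    rules out '.' and '..'; the character class rules out separators and HTML."""
    if not MAILBOX_RE.match(mailbox):
        raise BadInput("Mailbox is not a plain name")
    return mailbox


def mailbox_path(root, site, mailbox):
    """Defence in depth: even after the allow-list, resolve the path and refuse
    anything outside root (covers symlinks and future changes to the regexes).
    Assumed layout: <root>/<site>/<mailbox>."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, site, mailbox))
    if os.path.commonpath([root, candidate]) != root:
        raise BadInput("path escapes the mailbox root")
    return candidate


def render_vulnerable(site, mailbox):
    """The 'before' form: parameters echoed straight into HTML, which is what
    lets Mailbox=[html_code] in the PoC URL run in the victim's browser."""
    return f"<p>Mailbox {mailbox} on {site} not found</p>"


def render_fixed(site, mailbox):
    """Output encoding: the same page with every untrusted value HTML-escaped."""
    return f"<p>Mailbox {html.escape(mailbox)} on {html.escape(site)} not found</p>"


def handle(root, site, mailbox):
    """Minimal request handler returning (status, body). Rejected input gets a
    generic 400 that does not echo the offending value back to the client."""
    try:
        site = validate_site(site)
        mailbox = validate_mailbox(mailbox)
        mailbox_path(root, site, mailbox)
    except BadInput:
        return 400, "<p>Bad request</p>"
    return 200, render_fixed(site, mailbox)


if __name__ == "__main__":
    print(handle("/srv/mail", "www.example.com", "alice"))
    print(handle("/srv/mail", "www.example.com", "../../etc/passwd"))
    print(handle("/srv/mail", "www.example.com", "<script>alert(1)</script>"))
    print(render_vulnerable("www.example.com", "<b>x</b>"))
    print(render_fixed("www.example.com", "<b>x</b>"))
```

Validation and encoding are both needed: the allow-list stops the traversal and keeps the error page from ever carrying a tag, while `html.escape` on output protects any other page that displays the same values, including ones that legitimately accept richer input.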
Source (Exploit-DB raw data):

source: https://www.securityfocus.com/bid/10089/info

Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.

1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.

http://www.example.com/AUTH=[some_value]/user/general.tagz?Site=www.example.com&Mailbox=[html_code]