Vulnerability Note VU#743555
@Mail Open webmail client contains multiple vulnerabilities
The @Mail Open 1.04 webmail client contains multiple vulnerabilities including; unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200).
The @Mail Open 1.04 webmail client contains multiple vulnerabilities including the following.
CWE-434: Unrestricted Upload of File with Dangerous Type
A remote attacker may be able to read and write to arbitrary files on the system. A backdoor shell may also be uploaded to an affected system.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AtMail||Affected||06 Feb 2012||20 Mar 2012|
CVSS Metrics (Learn More)
Thanks to Sergey Scherbel of Positive Technologies for reporting these vulnerabilities.
This document was written by Jared Allar.
- CVE IDs: Unknown
- Date Public: 22 Mar 2012
- Date First Published: 22 Mar 2012
- Date Last Updated: 28 Mar 2012
- Severity Metric: 1.34
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.