The @Mail Open 1.04 webmail client contains multiple vulnerabilities including; unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200).
The @Mail Open 1.04 webmail client contains multiple vulnerabilities including the following.
CWE-434: Unrestricted Upload of File with Dangerous Type
A remote attacker may be able to read and write to arbitrary files on the system. A backdoor shell may also be uploaded to an affected system.
Apply an Update
Thanks to Sergey Scherbel of Positive Technologies for reporting these vulnerabilities.
|Date First Published:||2012-03-22|
|Date Last Updated:||2012-03-28 12:20 UTC|