The @Mail Open 1.04 webmail client contains multiple vulnerabilities, including unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200).
The @Mail Open 1.04 webmail client contains multiple vulnerabilities including the following.
CWE-434: Unrestricted Upload of File with Dangerous Type
A remote attacker may be able to read and write to arbitrary files on the system. A backdoor shell may also be uploaded to an affected system.
Apply an Update
Thanks to Sergey Scherbel of Positive Technologies for reporting these vulnerabilities.
This document was written by Jared Allar.
Date First Published: 2012-03-22
Date Last Updated: 2012-03-28 12:20 UTC