Synopsis :

The remote webmail server is affected by directory traversal and
cross-site scripting vulnerabilities.

Description :

The remote host is running Winmail Server, a commercial mail server for
Windows from AMAX Information Technologies.

The web interface that is used by Winmail Server for reading mail and
administering the server fails to sanitize user-supplied input to
various parameters and scripts. Beyond the usual cross-site scripting
attacks, this can also be leveraged by an unauthenticated attacker to
overwrite arbitrary files on the affected system, which could compromise
the system's integrity.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true