CVE-2005-3691

high

Description

Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.

References

http://www.vupen.com/english/advisories/2005/2484

http://www.securityfocus.com/bid/15494

http://www.mailenable.com/hotfix/

http://securitytracker.com/id?1015239

http://secunia.com/secunia_research/2005-59/advisory/

http://secunia.com/advisories/17633

Details

Source: Mitre, NVD

Published: 2005-11-19

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High