Magic Winmail Server number of security flaws
Systems affected: Amax Engineering Corporation Winmail Server 4.0 Build 1112
Description: BUGTRAQ ID: 12388
Magic Winmail Server is a multi-function WEB-based mail service program.
Magic Winmail Server existence of a number of security issues, remote attackers can use these loopholes to upload files to download arbitrary conduct cross-site scripting and other attacks.
1, WEBMAIL loopholes
a, download.php allow directory traversal download any file, because of the lack of adequate filtering parameters, the system can lead to download any file.
b, upload.php users because of the lack of full file name filters, available through directory traversal upload any documents to the system.
c, e-mail users showed that personal information when there cross-site scripting vulnerability. ‘/ admin / user.php’ script allows WEB administrator user name, full name, description and company name, malicious users can use the script userinfo.php insert malicious script to personal information, see the administrator, can lead to sensitive information Leak.
2, IMAP long-distance services directory traversal vulnerability
IMAP order multiple directory traversal problems exist, can lead to malicious user to read arbitrary board users open e-mail, delete, and the establishment of any directory. These orders include CREATE, EXAMINE, SELECT and DELET.
3, FTP PORT ordered a security issue
Winmail Server service does not correct the FTP PORT order to provide the IP address, can lead to an attacker to use PORT order a port scan.
Manufacturers patch:
At present vendors have released updates to fix this security issue, go to vendors to download the home page: http://www.magicwinmail.net