CVE-2005-0367

Name of the Vulnerable Software and Affected Versions ArGoSoft Mail Server version 1.8.7.3

Description The issue allows remote authenticated users to read, delete, or upload arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in specific parameters, such as the filename of an e-mail attachment, the msgatt.rec file, or the Folder parameter in various operations like /msg, /delete, /folderadd, and /folderdelete.

Recommendations For ArGoSoft Mail Server version 1.8.7.3, consider restricting access to the affected operations, such as /msg, /delete, /folderadd, and /folderdelete, until a patch is available. As a temporary workaround, avoid using the .. (dot dot) sequence in filenames of e-mail attachments and the msgatt.rec file to minimize the risk of exploitation.