CVE-2006-4371

Name of the Vulnerable Software and Affected Versions Alt-N WebAdmin versions 3.2.3 through 3.2.4 MDaemon version 9.0.5

Description The issue allows remote authenticated global administrators to read arbitrary files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the file parameter to the following API endpoints: "logfile view.wdm" and "configfile view.wdm".

Recommendations For Alt-N WebAdmin versions 3.2.3 through 3.2.4, restrict access to the "logfile view.wdm" and "configfile view.wdm" API endpoints to minimize the risk of exploitation. For MDaemon version 9.0.5, consider disabling the file parameter in the affected API endpoints until a patch is available.