CVE-2015-9277

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:40

Type Values Removed Values Added
References () https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt - Release Notes, Vendor Advisory () https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt - Release Notes, Vendor Advisory
References () https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf - Exploit, Third Party Advisory () https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf - Exploit, Third Party Advisory
References () https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/ - Third Party Advisory () https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/ - Third Party Advisory

Information

Published : 2019-01-16 16:29

Updated : 2024-11-21 02:40


NVD link : CVE-2015-9277

Mitre link : CVE-2015-9277

CVE.ORG link : CVE-2015-9277


JSON object : View

Products Affected

mailenable

  • mailenable
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')