CVE-2005-4559
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/26984 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/
http://securityreason.com/securityalert/299
http://securitytracker.com/id?1015412
https://exchange.xforce.ibmcloud.com/vulnerabilities/23907
http://www.osvdb.org/22082
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069