CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-3431

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile43.60th
Published2005年11月2日
Last Modified2026年4月16日

Vulnerability Description

Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.

Affected Platforms (CPE)

📦
Rockliffe

Mailsite Express

<= 6.1.21

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
🔗 http://marc.info/?l=bugtraq&m=113053680631151&w=2
🔗 http://secunia.com/advisories/17240/
🔗 http://securityreason.com/securityalert/126
🔗 http://securitytracker.com/id?1015117
🔗 http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
🔗 http://www.securityfocus.com/bid/15231
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/22908

関連する脆弱性情報

CVE-2005-34307.5

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbit...

CVE-2005-32875.0

Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachment...

CVE-2005-32885.0

Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file ...

CVE-2005-34284.3

Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary w...