CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-26293

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile0.44th
Published2021年3月4日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.

Affected Platforms (CPE)

📦
Afterlogic

Aurora

<= 8.5.3
📦
Afterlogic

Webmail Pro

<= 8.5.3

References & Advisories

🔗 https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/
🔗 https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/

相關漏洞威脅

CVE-2021-4187310.0

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized a...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...

CVE-2010-02498.8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Window...

CVE-2021-262947.5

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read f...