send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html | Exploit Vendor Advisory |
http://the.cushman.net/projects/aeromail/download/ | |
http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz | |
http://www.iss.net/security_center/static/8345.php | Patch Vendor Advisory |
http://www.securityfocus.com/bid/4214 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-11T04:00:00
Updated: 2002-06-15T09:00:00
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0410
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-07-26T04:00:00.000
Modified: 2008-09-05T20:27:57.087
Link: CVE-2002-0410
JSON object: View
Redhat Information
No data.
CWE