EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-05
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
Max CVSS
5.0
EPSS Score
0.32%
Published
2002-08-12
Updated
2008-09-05
2 vulnerabilities found