CVE-2006-0711
Summary
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
- LOW
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
References
Advisory Timeline
- Published