Title:IceWarp Mail Server 路径遍历漏洞 (CVE-2015-1503) Description:IceWarp Mail Server是美国爱思华宝(IceWarp)公司的一款邮件服务器产品。该产品支持电子邮件归档、SmartAttach附件、自动迁移等。 IceWarp Mail Server 11.2之前版本中存在目录遍历漏洞。远程攻击者可通过向webmail/client/skins/default/css/css.php页面发送带有‘..’序列的‘file’参数或向webmail/old/calendar/minimizer/index.php文件发送带有‘.../.’序列的‘script’
Description
IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
File Snapshot
id: CVE-2015-1503
info:
name: IceWarp Mail Server <11.1.1 - Directory Traversal
author: 0x_Akok
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.