
Test ID: 1.3.6.1.4.1.25623.1.0.56809
Category: CGI abuses
Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability
Summary: NOSUMMARY
Description:

Socketmail up to and including version 2.2.6 does not
sufficiently sanitize user supplied variables, allowing
attackers to include arbitrary files. Attackers can disclose
any file on your system, or possibly execute arbitrary code.

Solution: Turn off register_globals, or upgrade to a later
version.

Risk factor: High

CVSS Score: 6.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2681
http://www.majorsecurity.de/advisory/major_rls6.txt
http://securitytracker.com/id?1016228
http://secunia.com/advisories/20273
http://www.vupen.com/english/advisories/2006/1976
XForce ISS Database: socketmail-index-file-include(26693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26693
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
