MidnightBSD

Advisories for macallan

CVE-2004-2071 HIGH

Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
macallan mail_solution 2.8.4.6_build_260
CVE-2006-0798 MEDIUM

Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
macallan mail_solution *