CVE-2005-1657 Information

Description

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml (2) deletemessage.ctml (3) origmessage.ctml or (4) readmessage.ctml the Message.Id parameter to editmessage.ctml or the (5) Message.Command parameter to messages.ctml.

Reference

http://secunia.com/advisories/15234 http://www.osvdb.org/16220 http://www.osvdb.org/16221 http://www.osvdb.org/16222 http://www.osvdb.org/16223 http://www.osvdb.org/16224 http://www.osvdb.org/16225