Unrated severityNVD Advisory· Published Nov 2, 2005· Updated Apr 16, 2026

CVE-2005-3430

Description

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

Affected products

Rockliffe/Mailsite Express2 versions
cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*range: <=6.1.21
- cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlnvdPatch
www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdfnvdPatchVendor Advisory
secunia.com/advisories/17240/nvdVendor Advisory
marc.infonvd
securitytracker.com/idnvd
www.securityfocus.com/bid/15230nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22907nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000