Unrated severityNVD Advisory· Published Jul 21, 2006· Updated Apr 16, 2026
CVE-2006-0818
CVE-2006-0818
Description
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
Affected products
3- cpe:2.3:a:deerfield:visnetic_mail_server:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:merak:mail_server:8.3.8r:*:windows:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- secunia.com/advisories/18953nvdExploitPatchVendor Advisory
- secunia.com/advisories/18966nvdExploitPatchVendor Advisory
- secunia.com/secunia_research/2006-12/advisory/nvdExploitPatchVendor Advisory
- secunia.com/secunia_research/2006-14/advisory/nvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/19002nvdExploitPatch
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/440297/100/0/threadednvd
- www.securityfocus.com/archive/1/440302/100/0/threadednvd
- www.securityfocus.com/bid/19007nvd
- www.vupen.com/english/advisories/2006/2825nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27780nvd
News mentions
0No linked articles in our index yet.