CVE-2006-0711

The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.

Date published : 2006-02-15

http://www.securityfocus.com/bid/16651

http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874