Authentication Bypass and System Shutdown Vulnerability in DMail 3.1a

Authentication Bypass and System Shutdown Vulnerability in DMail 3.1a

CVE-2005-1516 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.

Learn more about our Web Application Penetration Testing UK.