Multiple serious vulnerabilities have been found in Winmail Server. Malicious users can exploit these vulnerabilities to inject scripts or overwrite local files. Below is a complete list of vulnerabilities

1. A directory traversal can be exploited remotely via a side parameter;
2. An XSS vulnerability can be exploited remotely via a retid parameter or specially designed e-mail messages.

AMAX Magic Winmail Server versions 4.2 and earlier

Update to latest version