https://www.exploit-db.com/exploits/26313
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-011

MERAKMailServer8.2.4rwithIcewarpWebMail5.5.1及可能的早期版本存在多个目录遍历漏洞。远程攻击者可以(1)借助相对于对logout.html的id参数的相对路径，删除任意文件或目录，或者(2)借助对help.html的helpid参数，包含任意PHP文件或其他文件。

source: http://www.securityfocus.com/bid/14988/info

Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application.

An attacker can exploit this issue to cause a denial of service condition due to data corruption.

Merak Mail Server version 8.2.4r is affected by this vulnerability. 

http://www.example.com:32000/mail/logout.html?id=[relative path]
http://www.example.com:32000/mail/logout.html?id=[relative path]%00blabla

来源:BID
名称:14988
链接:http://www.securityfocus.com/bid/14988
来源:SECUNIA
名称:17046
链接:http://secunia.com/advisories/17046/
来源:BUGTRAQ
名称:20050930MultiplevulnerabilitiesinMerakMailServer8.2.4rwithIcewarpWebMail5.5.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112810385104168&w;=2
来源:BID
名称:14986
链接:http://www.securityfocus.com/bid/14986
来源:VUPEN
名称:ADV-2005-1933
链接:http://www.frsirt.com/english/advisories/2005/1933