Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0332

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0332
Last Modified 05 Sep 2008 04:45:59
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0332

Summary

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.

Vulnerable Systems

Application

  • Ventia Desknow Mail And Collaboration Server 2.5.12

  • Ventia Desknow Mail And Collaboration Server 2.5.13


References

XF - desknow-jsp-gain-access(19211)

XF - desknow-attachmentkey-file-upload(19206)

BID - 12421

XF - desknow-filedo-file-deletion(19212)

MISC - http://www.security.org.sg/vuln/desknow2512.html

SECTRACK - 1013060

SECUNIA - 14116

BUGTRAQ - 20050202 [SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities


Last Updated: 27 May 2016 10:39:46