Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0946

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2008-0946
Last Modified 05 Sep 2008 05:36:24
Published 25 Feb 2008 04:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-0946

Summary

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.

Vulnerable Systems

Application

  • Ipswitch Imserver 2.0.8.1

  • Ipswitch Instant Messaging 2.0.8.1


References

BID - 27677

BUGTRAQ - 20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1

MISC - http://aluigi.org/poc/ipsimene.zip

MISC - http://aluigi.altervista.org/adv/ipsimene-adv.txt

SREASON - 3697


Last Updated: 27 May 2016 10:46:58