CVE-2006-5210
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
CVE
CVE-2006-5210
Status
Candidate
Description
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
Severity
Low
CVSS score
2,3
CVSS vector
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Phase
Assigned (09.10.2006)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5210
References
BID :
20436
BUGTRAQ :
20061013 SYMSA-2006-010: Directory Traversal in IronWebMail
FRSIRT :
ADV-2006-4055
MISC :
http://www.symantec.com/enterprise/research/SYMSA-...
MISC :
https://supportcenter.ciphertrust.com/vulnerabilit...
SECTRACK :
1017069
SECUNIA :
22406
XF :
ironwebmail-url-directory-traversal(29620)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
