CVE-2006-5487
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
CVE
CVE-2006-5487
Status
Candidate
Description
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
Severity
High
CVSS score
7
CVSS vector
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Phase
Assigned (24.10.2006)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5487
References
BID :
20999
BUGTRAQ :
20061110 ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
CONFIRM :
http://www.marshal.com/kb/article.aspx?id=11450
FRSIRT :
ADV-2006-4457
MISC :
http://www.zerodayinitiative.com/advisories/ZDI-06...
SECTRACK :
1017209
SECUNIA :
22806
XF :
mailmarshal-arj-code-execution(30188)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
