CVE-2005-0332

critical

Description

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19212

https://exchange.xforce.ibmcloud.com/vulnerabilities/19211

https://exchange.xforce.ibmcloud.com/vulnerabilities/19206

http://www.securityfocus.com/bid/12421

http://www.security.org.sg/vuln/desknow2512.html

http://securitytracker.com/id?1013060

http://secunia.com/advisories/14116

http://marc.info/?l=bugtraq&m=110737616324614&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical