Vulnerability Description
Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ventia | Desknow Mail And Collaboration Server | 2.5.12 |
References
- http://marc.info/?l=bugtraq&m=110737616324614&w=2
- http://secunia.com/advisories/14116
- http://securitytracker.com/id?1013060
- http://www.security.org.sg/vuln/desknow2512.htmlVendor Advisory
- http://www.securityfocus.com/bid/12421Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19212
- http://marc.info/?l=bugtraq&m=110737616324614&w=2
- http://secunia.com/advisories/14116
- http://securitytracker.com/id?1013060
- http://www.security.org.sg/vuln/desknow2512.htmlVendor Advisory
- http://www.securityfocus.com/bid/12421Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19211
FAQ
What is CVE-2005-0332?
CVE-2005-0332 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey paramete...
How severe is CVE-2005-0332?
CVE-2005-0332 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0332?
Check the references section above for vendor advisories and patch information. Affected products include: Ventia Desknow Mail And Collaboration Server.