7.5
CVE-2005-0332
- EPSS 2%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ventia ≫ Desknow Mail And Collaboration Server Version2.5.12
Ventia ≫ Desknow Mail And Collaboration Server Version2.5.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://marc.info/?l=bugtraq&m=110737616324614&w=2
http://secunia.com/advisories/14116
http://securitytracker.com/id?1013060
http://www.security.org.sg/vuln/desknow2512.html
http://www.securityfocus.com/bid/12421
https://exchange.xforce.ibmcloud.com/vulnerabilities/19206
https://exchange.xforce.ibmcloud.com/vulnerabilities/19211
https://exchange.xforce.ibmcloud.com/vulnerabilities/19212