7.5

CVE-2005-0332

EPSS 1.63%
Veröffentlicht 02.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ventia ≫ Desknow Mail And Collaboration Server Version2.5.12

Ventia ≫ Desknow Mail And Collaboration Server Version2.5.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.63%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=110737616324614&w=2

http://secunia.com/advisories/14116

http://securitytracker.com/id?1013060

http://www.security.org.sg/vuln/desknow2512.html

Vendor Advisory

http://www.securityfocus.com/bid/12421

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/19206

https://exchange.xforce.ibmcloud.com/vulnerabilities/19211

https://exchange.xforce.ibmcloud.com/vulnerabilities/19212

https://nvd.nist.gov/vuln/detail/CVE-2005-0332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0332

EUVD