Web application abuses : DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.16308

Categoría: Web application abuses

Título: DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities

Resumen: A directory traversal vulnerability was found in DeskNow webmail; file attachment upload feature that may be exploited to upload files to arbitrary locations on the; server.;; A second directory traversal vulnerability exists in the document repository file delete feature.

Descripción: Summary:
A directory traversal vulnerability was found in DeskNow webmail
file attachment upload feature that may be exploited to upload files to arbitrary locations on the
server.

A second directory traversal vulnerability exists in the document repository file delete feature.

Vulnerability Impact:
A malicious webmail user may upload a JSP file to the script directory
of the server, and executing it by requesting the URL of the upload JSP file.

The second vulnerability may be exploited to delete arbitrary files on the server.

Solution:
Upgrade to DeskNow version 2.5.14 or newer.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0332
BugTraq ID: 12421
http://www.securityfocus.com/bid/12421
Bugtraq: 20050202 [SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110737616324614&w=2
http://www.security.org.sg/vuln/desknow2512.html
http://securitytracker.com/id?1013060
http://secunia.com/advisories/14116
XForce ISS Database: desknow-attachmentkey-file-upload(19206)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19206
XForce ISS Database: desknow-filedo-file-deletion(19212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19212
XForce ISS Database: desknow-jsp-gain-access(19211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19211

Copyright Copyright (C) 2005 Noam Rathaus

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.16308
Categoría:	Web application abuses
Título:	DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities
Resumen:	A directory traversal vulnerability was found in DeskNow webmail; file attachment upload feature that may be exploited to upload files to arbitrary locations on the; server.;; A second directory traversal vulnerability exists in the document repository file delete feature.
Descripción:	Summary: A directory traversal vulnerability was found in DeskNow webmail file attachment upload feature that may be exploited to upload files to arbitrary locations on the server. A second directory traversal vulnerability exists in the document repository file delete feature. Vulnerability Impact: A malicious webmail user may upload a JSP file to the script directory of the server, and executing it by requesting the URL of the upload JSP file. The second vulnerability may be exploited to delete arbitrary files on the server. Solution: Upgrade to DeskNow version 2.5.14 or newer. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0332 BugTraq ID: 12421 http://www.securityfocus.com/bid/12421 Bugtraq: 20050202 [SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110737616324614&w=2 http://www.security.org.sg/vuln/desknow2512.html http://securitytracker.com/id?1013060 http://secunia.com/advisories/14116 XForce ISS Database: desknow-attachmentkey-file-upload(19206) https://exchange.xforce.ibmcloud.com/vulnerabilities/19206 XForce ISS Database: desknow-filedo-file-deletion(19212) https://exchange.xforce.ibmcloud.com/vulnerabilities/19212 XForce ISS Database: desknow-jsp-gain-access(19211) https://exchange.xforce.ibmcloud.com/vulnerabilities/19211
Copyright	Copyright (C) 2005 Noam Rathaus