Vulnerabilities > CVE-2004-1206 - Directory Traversal vulnerability in PNTresMailer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | PNTresMailer 6.0 Directory Traversal Vulnerability. CVE-2004-1206. Webapps exploit for php platform |
id | EDB-ID:24783 |
last seen | 2016-02-03 |
modified | 2004-11-26 |
published | 2004-11-26 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/24783/ |
title | pntresmailer 6.0 - Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | POSTNUKE_PNTRESMAILER_TRAVERSAL.NASL |
description | The remote host is running a version of the pnTresMailer PostNuke module which is vulnerable to a directory traversal attack. An attacker may use this flaw to read arbitrary files on the remote web server, with the privileges of the web server process. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15858 |
published | 2004-11-30 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15858 |
title | PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access |
code |
|