Vulnerabilities > CVE-2005-1657 - Directory Traversal vulnerability in Mercur Messaging 2005Sp2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mercur

NVD

Published: 2005-05-18

Updated: 2008-09-05

Summary

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.

Vulnerable Configurations

Part	Description	Count
Application	Mercur Mercur Mercur Messaging 2005_Sp2	1

References

http://secunia.com/advisories/15234
http://www.osvdb.org/16220
http://www.osvdb.org/16221
http://www.osvdb.org/16222
http://www.osvdb.org/16223
http://www.osvdb.org/16224
http://www.osvdb.org/16225