Vulnerabilities > CVE-2006-4952 - Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet Arbitrary Mail Message Manipulation. CVE-2006-4952. Webapps exploit for jsp platform |
| id | EDB-ID:28606 |
| last seen | 2016-02-03 |
| modified | 2006-09-20 |
| published | 2006-09-20 |
| reporter | Tan Chew Keong |
| source | https://www.exploit-db.com/download/28606/ |
| title | NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet Arbitrary Mail Message Manipulation |