Vulnerabilities > CVE-2006-4955 - Directory Traversal vulnerability in Neosys Neon Webmail 5.06/5.07
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access. CVE-2006-4955 . Webapps exploit for jsp platform |
id | EDB-ID:28605 |
last seen | 2016-02-03 |
modified | 2006-09-20 |
published | 2006-09-20 |
reporter | Tan Chew Keong |
source | https://www.exploit-db.com/download/28605/ |
title | NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access |