Vulnerabilities > CVE-2006-4955 - Directory Traversal vulnerability in Neosys Neon Webmail 5.06/5.07

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
neosys
exploit available
NVD
Published: 2006-09-23
Updated: 2017-07-20

Summary

Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.

Vulnerable Configurations

Part Description Count
Application
Neosys
2

Exploit-Db

descriptionNeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access. CVE-2006-4955 . Webapps exploit for jsp platform
idEDB-ID:28605
last seen2016-02-03
modified2006-09-20
published2006-09-20
reporterTan Chew Keong
sourcehttps://www.exploit-db.com/download/28605/
titleNeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access

References