Vulnerabilities > CVE-2006-4955 - Unspecified vulnerability in Neosys Neon Webmail 5.06/5.07
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN neosys
exploit available
Summary
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access. CVE-2006-4955 . Webapps exploit for jsp platform |
| id | EDB-ID:28605 |
| last seen | 2016-02-03 |
| modified | 2006-09-20 |
| published | 2006-09-20 |
| reporter | Tan Chew Keong |
| source | https://www.exploit-db.com/download/28605/ |
| title | NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access |
References
- http://secunia.com/advisories/22029
- http://secunia.com/advisories/22029
- http://vuln.sg/neonmail506-en.html
- http://vuln.sg/neonmail506-en.html
- http://www.securityfocus.com/bid/20109
- http://www.securityfocus.com/bid/20109
- http://www.securityfocus.com/bid/84199
- http://www.securityfocus.com/bid/84199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29090