CVE-2005-0332 Information

Description

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do as demonstrated using JSP pages or (2) delete arbitrary files via the select_file parameter to file.do.

Reference

http://marc.info/?l=bugtraq&m=110737616324614&w=2 http://secunia.com/advisories/14116 http://securitytracker.com/id?1013060 http://www.security.org.sg/vuln/desknow2512.html http://www.securityfocus.com/bid/12421 https://exchange.xforce.ibmcloud.com/vulnerabilities/19206 https://exchange.xforce.ibmcloud.com/vulnerabilities/19211 https://exchange.xforce.ibmcloud.com/vulnerabilities/19212