CVE-2006-2308 Information

Description

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user’s email messages create/rename arbitrary directories on the system and delete empty directories via directory traversal sequences in the (1) CREATE (2) SELECT (3) DELETE (4) RENAME (5) COPY or (6) APPEND commands.

Reference

http://secunia.com/advisories/20059 http://secunia.com/secunia_research/2006-37/advisory/ http://securityreason.com/securityalert/1006 http://www.eserv.ru/ru/news/news_detail.php?ID=235 http://www.securityfocus.com/archive/1/435415/100/0/threaded http://www.securityfocus.com/bid/18179 http://www.vupen.com/english/advisories/2006/2066 https://exchange.xforce.ibmcloud.com/vulnerabilities/26738