CVE-2006-4013 Information

Description

Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4 when the Control Center is allowed to connect from any computer allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.

Reference

http://secunia.com/advisories/21223 http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html http://securitytracker.com/id?1016600 http://www.osvdb.org/27589 http://www.osvdb.org/27590 http://www.securityfocus.com/bid/19182 http://www.vupen.com/english/advisories/2006/3018 https://exchange.xforce.ibmcloud.com/vulnerabilities/28058 https://exchange.xforce.ibmcloud.com/vulnerabilities/28059