7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
87.8%
Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.
marc.info/?l=bugtraq&m=110737616324614&w=2
secunia.com/advisories/14116
securitytracker.com/id?1013060
www.security.org.sg/vuln/desknow2512.html
www.securityfocus.com/bid/12421
exchange.xforce.ibmcloud.com/vulnerabilities/19206
exchange.xforce.ibmcloud.com/vulnerabilities/19211
exchange.xforce.ibmcloud.com/vulnerabilities/19212