DeskNow Mail And Collaboration Server Directory Traversal Vulnerabilities Network Vulnerability

Summary

DeskNow Mail and Collaboration Server is a full-featured and integrated mail and instant messaging server, with webmail, secure instant messaging, document repository, shared calendars, address books, message boards, web-publishing, anti-spam features, Palm and PocketPC access and much more. A directory traversal vulnerability was found in DeskNow webmail file attachment upload feature that may be exploited to upload files to arbitrary locations on the server. A malicious webmail user may upload a JSP file to the script directory of the server, and executing it by requesting the URL of the upload JSP file. A second directory traversal vulnerability exists in the document repository file delete feature. This vulnerability may be exploited to delete arbitrary files on the server.

Solution

Upgrade to DeskNow version 2.5.14 or newer

Severity

Classification

CVE CVE-2005-0332
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
ARRIS 2307 Unprotected Web Console
AVTECH DVR Multiple Vulnerabilities

DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities

Take action and discover your vulnerabilities