Skip to main content

CVE-2006-2308

Severity Medium
Score 5.5/10

Summary

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

  • LOW
  • NETWORK
  • SINGLE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published