Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
References
Link | Resource |
---|---|
http://secunia.com/advisories/28521 | Not Applicable |
http://www.securityfocus.com/bid/27312 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39724 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/4921 | Exploit Third Party Advisory VDB Entry |
http://secunia.com/advisories/28521 | Not Applicable |
http://www.securityfocus.com/bid/27312 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39724 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/4921 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/28521 - Not Applicable | |
References | () http://www.securityfocus.com/bid/27312 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/39724 - Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/4921 - Exploit, Third Party Advisory, VDB Entry |
02 Nov 2022, 17:24
Type | Values Removed | Values Added |
---|---|---|
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/4921 - Exploit, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/27312 - Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/39724 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/28521 - Not Applicable | |
CPE | cpe:2.3:a:afterlogic:mailbee_webmail_pro:4.1:*:*:*:*:*:*:* |
cpe:2.3:a:afterlogic:mailbee_webmail_pro:4.1:*:*:*:*:asp.net:*:* |
Information
Published : 2008-01-17 22:00
Updated : 2024-11-21 00:41
NVD link : CVE-2008-0333
Mitre link : CVE-2008-0333
CVE.ORG link : CVE-2008-0333
JSON object : View
Products Affected
afterlogic
- mailbee_webmail_pro
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')