Vulnerability CVE-2006-4491


Published: 2006-08-31   Modified: 2008-11-11

Description:
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.

Vendor: Cybozu
Product: Cybozu pocket
Version: 5.2(0.7)
Product: Mailwise
Version: 3.0(0.2)
Product: Garoon 1
Version: 1.5(4.0)
Product: Cybozu ag
Version: 1.2(1.4)
Product: Collaborex

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
http://securitytracker.com/id?1016759
http://secunia.com/advisories/21656
http://jvn.jp/jp/JVN%2390420168/index.html
http://cybozu.co.jp/products/dl/notice_060825/
http://secunia.com/advisories/21638
http://www.osvdb.org/28262

Related CVE
CVE-2016-4843
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
CVE-2016-4844
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
CVE-2016-4842
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
CVE-2016-1217
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVE-2016-1218
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVE-2016-1220
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVE-2016-1213
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVE-2016-1214
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

Copyright 2017, cxsecurity.com