CVE

Id
46070  
CVE No.
CVE-2010-3486  
Status
Candidate  
Description
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.  
Phase
Assigned (20100922)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
501078 46070 CVE-2010-3486 EXPLOIT-DB:15048  View
501079 46070 CVE-2010-3486 URL:http://www.exploit-db.com/exploits/15048  View
501080 46070 CVE-2010-3486 MISC:http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html  View
501081 46070 CVE-2010-3486 MISC:http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt  View
501082 46070 CVE-2010-3486 BID:43324  View
501083 46070 CVE-2010-3486 URL:http://www.securityfocus.com/bid/43324  View
501084 46070 CVE-2010-3486 XF:smartermail-get-directory-traversal(61910)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
37363 JVNDB-2010-003148 FreePBX の設定インターフェース の System Recordings コンポーネントにおけるディレクトリトラバーサルの脆弱性 FreePBX の設定インターフェース の System Recordings コンポーネントの page.recordings.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2010-3490 46070 6.5 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003148.html  View