CVE-2006-4013
Symantec Brightmail AntiSpam < 6.0.4 - Path Traversal & Arbitrary File Write
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
References (9)
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016600
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27590
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19182
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27589
Patch, Vendor Advisory x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3018
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28058
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28059
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21223
Scores
EPSS: 0.0068
EPSS Percentile: 71.8%
Details
CWE: CWE-22
Status: published
Products (4)
symantec/brightmail_antispam 4.0
symantec/brightmail_antispam 5.5
symantec/brightmail_antispam 6.0
symantec/brightmail_antispam 6.0.1
Published: Aug 07, 2006
Tracked Since: Feb 18, 2026