CVE-2006-4955

Neon WebMail <5.08 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4955. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Neon WebMail, including directory traversal, SQL injection, and file upload issues. It outlines potential attack vectors but does not include functional exploit code.

Description

Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tan Chew Keong · textwebappsjsp
https://www.exploit-db.com/exploits/28605

The provided text describes multiple vulnerabilities in Neon WebMail, including directory traversal, SQL injection, and file upload issues. It outlines potential attack vectors but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Neon WebMail 5.06, 5.07 (build.200607050)
No auth needed
Prerequisites: Access to the vulnerable Neon WebMail instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29090
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20109
Exploit, Patch x_refsource_misc
http://vuln.sg/neonmail506-en.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22029
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84199

Scores

EPSS 0.0783
EPSS Percentile 93.9%

Details

Status published
Products (2)
neosys/neon_webmail 5.06
neosys/neon_webmail 5.07
Published Sep 23, 2006
Tracked Since Feb 18, 2026