CVE-2008-0946

Ipswitch IM Server < 2.0.8.1 - Authenticated Path Traversal via Recipient Field

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487748/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27677
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3697
Exploit x_refsource_misc
http://aluigi.org/poc/ipsimene.zip

Scores

EPSS 0.0355
EPSS Percentile 87.9%

Details

CWE
CWE-22
Status published
Products (2)
ipswitch/imserver < 2.0.8.1
ipswitch/instant_messaging < 2.0.8.1
Published Feb 25, 2008
Tracked Since Feb 18, 2026