CVE-2008-0946
Ipswitch IM Server < 2.0.8.1 - Authenticated Path Traversal via Recipient Field
Title source: llmDescription
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/ipsimene-adv.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487748/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27677
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3697
Exploit x_refsource_misc
http://aluigi.org/poc/ipsimene.zip
Scores
EPSS
0.0355
EPSS Percentile
87.9%
Details
CWE
CWE-22
Status
published
Products (2)
ipswitch/imserver
< 2.0.8.1
ipswitch/instant_messaging
< 2.0.8.1
Published
Feb 25, 2008
Tracked Since
Feb 18, 2026