CVE-2008-0333
Published 2008-01-17
CVE-2008-0333: Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary…
Priority P3 · 35 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 11.66% (95.5th percentile)
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| afterlogic | mailbee_webmail_pro | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 7.5 · HIGH
GHSA
GHSA-v7f2-x42c-c3gv: Directory traversal vulnerability in download_view_attachment
ghsa_unreviewed·2022-05-01
CVE-2008-0333 [MEDIUM] CWE-22 GHSA-v7f2-x42c-c3gv: Directory traversal vulnerability in download_view_attachment
Red Hat
libpng unknown chunk handling flaw
vendor_redhat·2008-04-12·CVSS 7.5
CVE-2008-1382 [HIGH] libpng unknown chunk handling flaw
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Statement: This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 3.
Updates for affected versions of Red Hat Enterprise Linux can be found here:
http://rhn.redhat.com/errata/RHSA-2009-0333.html
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/28521
http://www.securityfocus.com/bid/27312
https://exchange.xforce.ibmcloud.com/vulnerabilities/39724
https://www.exploit-db.com/exploits/4921
Published: 2008-01-17