CVE-2008-0946

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.

Published: Feb 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0946
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ipswitch / imserver	-	2.0.8.1.x
ipswitch / instant_messaging	-	2.0.8.1.x

http://aluigi.altervista.org/adv/ipsimene-adv.txt
http://aluigi.org/poc/ipsimene.zip
http://securityreason.com/securityalert/3697
http://www.securityfocus.com/archive/1/487748/100/200/threaded
http://www.securityfocus.com/bid/27677

Vulnerability Database

289,784

CVE-2008-0946