CVE-2006-5210

Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").

Date published : 2006-10-16

http://www.securityfocus.com/bid/20436

http://www.securityfocus.com/archive/1/448779/100/0/threaded